CVE-2025-66923

Published
View on NVD ↗
CVSS v3
7.2
HIGH
CVSS v2
N/A
Affected
2
PROJECTS

Description

A Cross-site scripting (XSS) vulnerability in Create/Update Customer(s) in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the phone_number parameter.

omkaryepre/vulnerability-research
omkaryepre/vulnerability-research
This repository contains information on the CVEs I found.
GitHubGitHub
1
opensourcepos/opensourcepos
opensourcepos/opensourcepos
Open Source Point of Sale is a web based point of sale application written in PHP using CodeIgniter framework. It uses MySQL as the data back end and has a Bootstrap 3 based user interface. If you like this project, please give it a star! Doing so helps maintain Popular OSS status for the project.
GitHubGitHub
4.25K