CVE-2025-66921

Description

A Cross-site scripting (XSS) vulnerability in Create/Update Item(s) Module in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter.

PUBLISHED Reserved 2025-12-08 | Published 2025-12-17 | Updated 2025-12-17 | Assigner mitre

References

github.com/...ty-research/blob/main/CVE-2025-66921/readme.md exploit

github.com/opensourcepos/opensourcepos

github.com/...ty-research/blob/main/CVE-2025-66921/readme.md

cve.org (CVE-2025-66921)

nvd.nist.gov (CVE-2025-66921)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.