Home
Description
A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.
References
github.com/hungnqdz/cve-research/blob/main/CVE-2025-70095.md
github.com/opensourcepos/opensourcepos
github.com/hungnqdz/cve-research/blob/main/CVE-2025-70095.md