Cross-Site Scripting Vulnerability in OpenSourcePOS by OpenSourcePOS
CVE-2025-70091
6.5 MEDIUM
What is CVE-2025-70091?
A cross-site scripting vulnerability exists in the Customers function of OpenSourcePOS v3.4.1, enabling attackers to execute arbitrary web scripts or HTML. This is achieved by injecting a malicious payload into the Phone Number parameter, which can compromise user data and lead to unauthorized access. Ensuring proper input validation and sanitization is crucial to mitigating such vulnerabilities.
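The validation and sanitization mentioned above, sketched for a phone number field as an added example; this is not OpenSourcePOS code and not the project's fix. The function names, the accepted phone format, the length limits and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not taken from OpenSourcePOS.

/**
 * Allow-list validation applied when the customer record is saved.
 * Returns the trimmed value, or null when the input contains anything
 * other than digits, spaces and common phone punctuation.
 */
function validate_phone_number(string $raw): ?string
{
    $value = trim($raw);
    if ($value === '') {
        return '';   // assumption: the field is optional
    }
    // Optional leading "+", then 3 to 32 digits, spaces, dots, hyphens or parentheses.
    if (preg_match('/\A\+?[0-9 ().\-]{3,32}\z/', $value) !== 1) {
        return null;
    }
    return $value;
}

/**
 * Output encoding applied every time a stored value is written into HTML.
 * This is the control that still holds for rows saved before validation existed.
 */
function html_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: two ordinary numbers and one markup-bearing value.
$samples = [
    '+1 (555) 010-0199',
    '555.010.0199',
    '555-0100"><script>alert(1)</script>',
];

foreach ($samples as $input) {
    $accepted = validate_phone_number($input);
    $status   = $accepted === null ? 'REJECTED' : 'accepted';
    // Even a rejected value is encoded before it is echoed into an error page or log view.
    echo $status, ': ', html_text($input), PHP_EOL;
}
```

Validation on save narrows what can be stored, while encoding on output neutralizes any markup already present in the database, so both are applied rather than either alone.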
