Cross-Site Scripting Vulnerability in OpenSourcePOS by OpenSourcePOS
CVE-2025-70094

6.5MEDIUM

Key Information:

Vendor: OpenSourcePOS
Status: OpenSourcePOS
Vendor: CVE Published:; 13 February 2026

🔔 Create OpenSourcePOS Vulnerability Alert

What is CVE-2025-70094?

A cross-site scripting vulnerability exists in the Generate Item Barcode function of OpenSourcePOS version 3.4.1. This flaw allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Item Category parameter. Exploiting this vulnerability could enable unauthorized actions within the application, potentially compromising user data and session integrity.

References

https://www.opensourcepos.org

https://github.com/opensourcepos/opensourcepos/pull/4357

https://github.com/hungnqdz/cve-research/blob/main/CVE-20...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2026
Vulnerability Reserved
Jan 9, 2026

CVE-2025-70094 Data

JSON