CVE-2025-70091
EUVD-2025-20753913.02.2026, 16:16
A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Phone Number parameter.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| opensourcepos | open_source_point_of_sale | 3.4.1 |
𝑥
= Vulnerable software versions