Vendor
Open Source Point Of Sale Project
Products
1
CVEs
3
Across products
3
Status
Private
Products
1- 3 CVEs
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-63800 | Hig | 0.49 | 7.5 | 0.00 | Nov 18, 2025 | The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account password to an empty string due to missing server-side validation. When an authenticated user omits or leaves the `password` and `repeat_password` parameters empty in the password… | ||
| CVE-2022-34578 | Hig | 0.47 | 7.2 | 0.01 | Jul 28, 2022 | Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page. | ||
| CVE-2015-0299 | 0.00 | — | 0.01 | Sep 29, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in Open Source Point of Sale 2.3.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
- risk 0.49cvss 7.5epss 0.00
The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account password to an empty string due to missing server-side validation. When an authenticated user omits or leaves the `password` and `repeat_password` parameters empty in the password…
- risk 0.47cvss 7.2epss 0.01
Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page.
- CVE-2015-0299Sep 29, 2015risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Open Source Point of Sale 2.3.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.