Filtered by vendor Opensourcepos
Filtered by product Open Source Point Of Sale
Total: 2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2025-63800 | 1 Opensourcepos | 1 Open Source Point Of Sale | 2025-11-19 | 7.5 High | The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account password to an empty string due to missing server-side validation. When an authenticated user omits or leaves the `password` and `repeat_password` parameters empty in the password change request, the backend still returns a successful response and sets the password to an empty string. This effectively disables authentication and may allow unauthorized access to user or administrative accounts. |
| CVE-2022-34578 | 1 Opensourcepos | 1 Open Source Point Of Sale | 2024-11-21 | 7.2 High | Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page. |