CVE-2025-70094 PUBLISHED

Assigner: mitre
Reserved: 09.01.2026 Published: 13.02.2026 Updated: 13.02.2026

A cross-site scripting (XSS) vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Category parameter.

Product Status

Vendor	n/a
Product	n/a
Versions	Version n/a is affected

References

https://www.opensourcepos.org
https://github.com/opensourcepos/opensourcepos/pull/4357
https://github.com/hungnqdz/cve-research/blob/main/CVE-2025-70094.md

Problem Types

n/a text