CVE-2025-70092

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

12/02/2026

Last modified:

13/02/2026

Description

A cross-site scripting (XSS) vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Name parameter.

Impact

References to Advisories, Solutions, and Tools

https://github.com/hungnqdz/cve-research/blob/main/CVE-2025-70092.md