CVE-2025-66923

None

Description

A Cross-site scripting (XSS) vulnerability in Create/Update Customer(s) in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the phone_number parameter.

INFO

Published Date :

2025-12-17T00:00:00.000Z

Last Modified :

2025-12-17T18:48:04.045Z

Source :

mitre

AFFECTED PRODUCTS

The following products are affected by CVE-2025-66923 vulnerability.

Vendors	Products
Opensourcepos	Open Source Point Of Sale

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66923.

URL	Resource
https://github.com/omkaryepre/vulnerability-research/blob/main/CVE-2025-66923/readme.md
https://github.com/opensourcepos/opensourcepos

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact