Description

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Daily Sales management table. The customer_name column is configured with escape: false in the bootstrap-table column configuration, causing customer names to be rendered as raw HTML. An attacker with customer management permissions can inject arbitrary JavaScript into a customer's first_name or last_name field, which executes in the browser of any user viewing the Daily Sales page. This vulnerability is fixed in 3.4.3.

INFO

Published Date :

2026-04-07T20:37:30.661Z

Last Modified :

2026-04-08T14:32:34.191Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-32712 vulnerability.

Vendors Products
Opensourcepos
  • Opensourcepos
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-32712.

URL Resource
https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-hcfr-9hfv-mcwp cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact