Description

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Stock Locations configuration feature. The application fails to properly sanitize user input supplied through the stock_location parameter, allowing attackers to inject malicious JavaScript code that is stored in the database and executed when rendered in the Employees interface. This vulnerability is fixed in 3.4.3.

INFO

Published Date :

2026-04-07T19:49:13.692Z

Last Modified :

2026-04-08T15:49:45.758Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-39380 vulnerability.

Vendors Products
Opensourcepos
  • Open Source Point Of Sale
  • Opensourcepos
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-39380.

URL Resource
https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-7hg5-68rx-xpmg cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact