Writeup Exploits
60,946 exploits tracked across all sources.
Open Source Point of Sale 3.4.0-3.4.1 - Authenticated Stored Cross-Site Scripting in Company Name Field
Open Source Point of Sale (opensourcepos) is a web-based point of sale application written in PHP using the CodeIgniter framework. opensourcepos 3.4.0 and 3.4.1 have a stored XSS vulnerability in the Configuration (Information) functionality. An authenticated user with the permission “Configuration: Change OSPOS's Configuration” can inject a malicious JavaScript payload into the Company Name field when updating Information in Configuration. The malicious payload is stored and later triggered when a user accesses /sales/complete. To reach that page, first select Sales, choose New Item to create an item, then click on Completed. Due to insufficient input validation and output encoding, the payload is rendered and executed in the user’s browser, resulting in a stored XSS vulnerability. This vulnerability is fixed in 3.4.2.
CVSS 4.3
Open Source Point of Sale 3.4.0-3.4.2 - Cross-Site Request Forgery via Disabled CSRF Filter
Open Source Point of Sale (opensourcepos) is a web-based point of sale application written in PHP using the CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Cross-Site Request Forgery (CSRF) vulnerability exists in the application's filter configuration. The CSRF protection mechanism was **explicitly disabled**, allowing the application to process state-changing requests (POST) without verifying a valid CSRF token. An unauthenticated remote attacker can exploit this by hosting a malicious web page. If a logged-in administrator visits this page, their browser is forced to send unauthorized requests to the application. A successful exploit allows the attacker to silently create a new Administrator account with full privileges, leading to a complete takeover of the system and loss of confidentiality, integrity, and availability. The vulnerability has been patched in version 3.4.2. The fix re-enables the CSRF filter in `app/Config/Filters.php` and resolves associated AJAX race conditions by adjusting token regeneration settings. As a workaround, administrators can manually re-enable the CSRF filter in `app/Config/Filters.php` by uncommenting the protection line. However, this is not recommended without applying the full patch, as it may break functionality in the Sales module due to token synchronization issues.
CVSS 8.8
Open Source Point of Sale 3.4.0-3.4.2 - Stored Cross-Site Scripting in Return Policy Configuration Field
Open Source Point of Sale (opensourcepos) is a web-based point of sale application written in PHP using the CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Stored Cross-Site Scripting (XSS) vulnerability exists in the "Return Policy" configuration field. The application does not properly sanitize user input before saving it to the database or displaying it on receipts. An attacker with access to the "Store Configuration" (such as a rogue administrator or an account compromised via the separate CSRF vulnerability) can inject malicious JavaScript payloads into this field. These payloads are executed in the browser of any user (including other administrators and sales staff) whenever they view a receipt or complete a transaction. This can lead to session hijacking, theft of sensitive data, or unauthorized actions performed on behalf of the victim. The vulnerability has been patched in version 3.4.2 by ensuring the output is escaped using the `esc()` function in the receipt template. As a temporary mitigation, administrators should ensure the "Return Policy" field contains only plain text and strictly avoid entering any HTML tags. There is no code-based workaround other than applying the patch.
CVSS 8.1
Open Source Point of Sale 3.4.1 - Stored Cross-Site Scripting via Item Kit Name Parameter
A Cross-site scripting (XSS) vulnerability in Create/Update Item Kit(s) in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter.
CVSS 6.1
Open Source Point of Sale 3.4.1 - Stored Cross-Site Scripting via Phone Number Parameter
A Cross-site scripting (XSS) vulnerability in Create/Update Customer(s) in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the phone_number parameter.
CVSS 7.2
Open Source Point of Sale 3.4.1 - Stored Cross-Site Scripting via Item Name Parameter
A Cross-site scripting (XSS) vulnerability in Create/Update Item(s) Module in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter.
CVSS 7.2
Monica 4.1.2 - Host Header Poisoning
A Host Header Poisoning vulnerability exists in Monica 4.1.2 due to improper handling of the HTTP Host header in app/Providers/AppServiceProvider.php, combined with the default misconfiguration in which "app.force_url" is not set and defaults to "false". The application generates absolute URLs (such as those used in password reset emails) using the user-supplied Host header. This allows remote attackers to poison the password reset link sent to a victim,
CVSS 9.1
Monica 4.0.0 - Authenticated Stored Cross-Site Scripting via SVG Upload
A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user.
CVSS 5.4
Monica 2.19.1 - Stored Cross-Site Scripting via Nickname Field
The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field.
CVSS 5.4
Monica 2.19.1 - Stored Cross-Site Scripting in Contact Description Field
The Contact page in Monica 2.19.1 allows stored XSS via the Description field.
CVSS 5.4
Monica 2.19.1 - Stored Cross-Site Scripting via Last Name Field
The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field.
CVSS 5.4
Monica 2.19.1 - Stored Cross-Site Scripting via Middle Name Field
The Contact page in Monica 2.19.1 allows stored XSS via the Middle Name field.
CVSS 5.4
Monica 2.19.1 - Stored Cross-Site Scripting via Contact First Name Field
The Contact page in Monica 2.19.1 allows stored XSS via the First Name field.
CVSS 5.4
Monica < 2.19.1 - Cross-Site Scripting via Journal Page
Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal page.
CVSS 5.4
@langchain/langgraph-checkpoint-redis - Command Injection
@langchain/langgraph-checkpoint-redis is the Redis checkpoint and store implementation for LangGraph. A query injection vulnerability exists in the @langchain/langgraph-checkpoint-redis package's filter handling. The RedisSaver and ShallowRedisSaver classes construct RediSearch queries by directly interpolating user-provided filter keys and values without proper escaping. RediSearch has special syntax characters that can modify query behavior, and when user-controlled data contains these characters, the query logic can be manipulated to bypass intended access controls. This vulnerability is fixed in 1.0.2.
CVSS 6.5