JVN iPedia http://jvndb.jvn.jp Advisory JVNDB-2026-003998 OpenSourcePOS v3.4.1のアイテム管理および販売請求書機能にはクロスサイトスクリプティング（XSS）脆弱性が存在し、攻撃者が細工されたペイロードを注入して任意のウェブスクリプトやHTMLを実行できます。 cpe:/a:opensourcepos:open_source_point_of_sale https://jvndb.jvn.jp/ja/contents/2026/JVNDB-2026-003998.html Common Vulnerabilities and Exposures (CVE) CVE-2025-70095 https://www.cve.org/CVERecord?id=CVE-2025-70095 National Vulnerability Database (NVD) CVE-2025-70095 https://nvd.nist.gov/vuln/detail/CVE-2025-70095 Code cve-research/CVE-2025-70095.md at main hungnqdz/cve-research GitHub https://github.com/hungnqdz/cve-research/blob/main/CVE-2025-70095.md JVNDB CWE-79 https://jvndb.jvn.jp/ja/cwe/CWE-79.html 関連文書 GitHub - opensourcepos/opensourcepos: Open Source Point of Sale is a web based point of sale application written in PHP using CodeIgniter framework. It uses MySQL as the data back end and has a Bootstrap 3 based user interface. https://github.com/opensourcepos/opensourcepos 2026-02-19T15:27:38+09:00 2026-02-19T15:27:38+09:00