
Security: odiea/opensourcepos

Security Policy

Supported Versions

We release patches for security vulnerabilities.

Version Supported
>= 3.4.2
< 3.4.2

Security Advisories

The following security vulnerabilities have been published:

High Severity

| CVE | Vulnerability | CVSS | Published | Fixed In | Credit |
|-----|---------------|------|-----------|----------|--------|
| CVE-2025-68434 | CSRF leading to Admin Creation | 8.8 | 2025-12-17 | 3.4.2 | @Nixon-H, @jekkos |
| CVE-2025-68147 | Stored XSS in Return Policy | 8.1 | 2025-12-17 | 3.4.2 | @Nixon-H, @jekkos |
| CVE-2025-66924 | Stored XSS in Item Kits | 7.2 | 2026-03-04 | 3.4.2 | @hungnqdz, @omkaryepre |

Medium Severity

| CVE | Vulnerability | CVSS | Published | Fixed In | Credit |
|-----|---------------|------|-----------|----------|--------|
| CVE-2025-68658 | Stored XSS in Company Name | 4.3 | 2026-01-13 | 3.4.2 | @hungnqdz |

For a complete list including draft advisories, see our GitHub Security Advisories page.

Reporting a Vulnerability

Please report (suspected) security vulnerabilities to jeroen@steganos.dev.

You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible, depending on complexity; historically this has been within a few days.
