CVE-2025-10066 MEDIUM

CVE-2025-10066: itsourcecode POS Point of Sale System dymanic_table.php cross site scripting

Vendor Itsourcecode
Product POS Point of Sale System
Weakness CWE-79 · XSS
Published September 7, 2025
Last update September 8, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security vulnerability has been detected in itsourcecode POS Point of Sale System 1.0. The affected element is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/dymanic_table.php. Such manipulation of the argument scripts leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

Key dates

02Disclosure timeline

September 7, 2025 CVE published
September 8, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-58266 WordPress Gianism plugin <= 6.0.0 - Cross Site Scripting (XSS) vulnerability CVE-2024-30449 WordPress Booking Activities plugin <= 1.15.19 - Cross Site Scripting (XSS) vulnerability CVE-2022-34218 AEM Reflected XSS Arbitrary code execution CVE-2025-58177 n8n stored cross-site scripting in LangChain Chat Trigger node initialMessages parameter CVE-2024-2474 Standout Color Boxes and Buttons <= 0.7.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode