Mirror of https://github.com/opensourcepos/opensourcepos.git, synced 2026-03-11 19:50:25 -04:00
- Add Security Advisories section with 4 published CVEs
- Include CVE ID, vulnerability description, CVSS score, publication date, fixed version, and reporter credits
- Update supported versions table to reflect current state (>= 3.4.2)
- Add link to GitHub Security Advisories page for complete list

CVEs added:
- CVE-2025-68434: CSRF leading to Admin Creation (8.8)
- CVE-2025-68147: Stored XSS in Return Policy (8.1)
- CVE-2025-66924: Stored XSS in Item Kits (7.2)
- CVE-2025-68658: Stored XSS in Company Name (4.3)
2.2 KiB
# Security Policy

## Supported Versions
We release patches for security vulnerabilities.
| Version | Supported |
|---|---|
| >= 3.4.2 | ✅ |
| < 3.4.2 | ❌ |
## Security Advisories
The following security vulnerabilities have been published:
### High Severity
| CVE | Vulnerability | CVSS | Published | Fixed In | Credit |
|---|---|---|---|---|---|
| CVE-2025-68434 | CSRF leading to Admin Creation | 8.8 | 2025-12-17 | 3.4.2 | @Nixon-H, @jekkos |
| CVE-2025-68147 | Stored XSS in Return Policy | 8.1 | 2025-12-17 | 3.4.2 | @Nixon-H, @jekkos |
| CVE-2025-66924 | Stored XSS in Item Kits | 7.2 | 2026-03-04 | 3.4.2 | @hungnqdz, @omkaryepre |
### Medium Severity
| CVE | Vulnerability | CVSS | Published | Fixed In | Credit |
|---|---|---|---|---|---|
| CVE-2025-68658 | Stored XSS in Company Name | 4.3 | 2026-01-13 | 3.4.2 | @hungnqdz |
For a complete list including draft advisories, see our GitHub Security Advisories page.
## Reporting a Vulnerability
Please report (suspected) security vulnerabilities to jeroen@steganos.dev.
You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible; the exact timing depends on the complexity of the fix, but historically patches have shipped within a few days.