Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability due to the companymodify.php script improperly validating user-supplied input. An attacker could use this vulnerability to steal the victimβs cookie-based authentication credentials.