Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy inherently suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the costcenterid parameter on the /cupseasylive/costcentermodify.php page. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.