Lucene search
China National Vulnerability DatabaseCNVD-2024-11132HistoryJan 30, 2024 - 12:00 a.m.
Cups Easy cross-site scripting vulnerability (CNVD-2024-11132)
2024-01-3000:00:00
China National Vulnerability Database
www.cnvd.org.cn
5
cups easy
php-based
erp software
cross-site scripting
currency modification
authentication credentials
vulnerability
Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the currencyid parameter on the /cupseasylive/currencymodify.php page. An attacker could use this vulnerability to steal the victimβs cookie-based authentication credentials.
Related
cvelist
cvelist
CVE-2024-23873 Cross-Site Scripting (XSS) vulnerability in Cups Easy
2024-01-26 09:12:59
prion
prion
Cross site scripting
2024-01-26 10:15:00
nvd
nvd
CVE-2024-23873
2024-01-26 10:15:09
cve
cve
CVE-2024-23873
2024-01-26 10:15:09