Lucene search
China National Vulnerability DatabaseCNVD-2024-11134HistoryJan 30, 2024 - 12:00 a.m.
Cups Easy cross-site scripting vulnerability (CNVD-2024-11134)
2024-01-3000:00:00
China National Vulnerability Database
www.cnvd.org.cn
4
cups easy
php software
cross-site scripting
vulnerability
grnno parameter
authentication credentials
Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the grnno parameter on the /cupseasylive/grndisplay.php page. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cups easy cups easy v | eq | 1.0 |
Related
prion
prion
Cross site scripting
2024-01-26 09:15:00
nvd
nvd
CVE-2024-23862
2024-01-26 09:15:09
cvelist
cvelist
CVE-2024-23862 Cross-Site Scripting (XSS) vulnerability in Cups Easy
2024-01-26 09:06:34
cve
cve
CVE-2024-23862
2024-01-26 09:15:09