Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. A cross-site scripting vulnerability exists in Cups Easy version 1.0, which stems from insufficient escaping of the grnno parameter on the /cupseasylive/grnprint.php page. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CPE | Name | Operator | Version |
---|---|---|---|
cups easy cups easy v | eq | 1.0 |