Lucene search
China National Vulnerability DatabaseCNVD-2024-11149HistoryJan 30, 2024 - 12:00 a.m.
Cups Easy cross-site scripting vulnerability (CNVD-2024-11149)
2024-01-3000:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
cups easy
php
cross-site scripting
vulnerability
parameter escaping
stock issuance
credential theft
Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the issuancecreate parameter on the /cupseasylive/stockissuancecreate.php page. An attacker could use this vulnerability to steal the victimβs cookie-based authentication credentials.
Related
prion
prion
Cross site scripting
2024-01-26 11:15:00
cvelist
cvelist
CVE-2024-23894 Cross-Site Scripting (XSS) vulnerability in Cups Easy
2024-01-26 10:18:03
cve
cve
CVE-2024-23894
2024-01-26 11:15:09
nvd
nvd
CVE-2024-23894
2024-01-26 11:15:09