PRIOn knowledge base: PRION:CVE-2024-23860
History: Jan 26, 2024 - 9:15 a.m.

Cross site scripting

2024-01-26 09:15:00
PRIOn knowledge base
www.prio-n.com
vulnerability
cups easy
purchase & inventory
version 1.0
cross-site scripting
xss
remote attackers
currencylist.php

AI Score: 6 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 25.4%)

A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencylist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.

CPE

Name | Operator | Version
cups_easy | eq | 1.0
