PRIOn knowledge base: PRION:CVE-2024-23878
History: Jan 26, 2024 - 10:15 a.m.

Cross site scripting

www.prio-n.com
Tags: vulnerability report, user-controlled inputs, insufficient encoding, cross-site scripting, xss, remote attacker, crafted url, session cookie theft

AI Score: 6 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 25.4%)

A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnprint.php, in the grnno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.

CPE
Name | Operator | Version
cups_easy | eq | 1.0