Lucene search
PRIOn knowledge basePRION:CVE-2024-23884HistoryJan 26, 2024 - 10:15 a.m.
Cross site scripting
2024-01-2610:15:00
PRIOn knowledge base
www.prio-n.com
5
cross site scripting
cups easy
remote attackers
session cookies
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnmodify.php, in the grndate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.
Related
cvelist
cvelist
CVE-2024-23884 Cross-Site Scripting (XSS) vulnerability in Cups Easy
2024-01-26 09:17:46
nvd
nvd
CVE-2024-23884
2024-01-26 10:15:11
cnvd
cnvd
Cups Easy cross-site scripting vulnerability (CNVD-2024-11137)
2024-01-30 00:00:00
cve
cve
CVE-2024-23884
2024-01-26 10:15:11