PRIOn knowledge base: PRION:CVE-2024-23891
History: Jan 26, 2024 - 11:15 a.m.

Cross site scripting

2024-01-26 11:15:00
PRIOn knowledge base
www.prio-n.com
cross site scripting
cups easy
itemid parameter
remote attacker
session cookie

AI Score: 6 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 25.3%)

A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemcreate.php, in the itemid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.

CPE
Name | Operator | Version
cups_easy | eq | 1.0
