4 matches found
CVE-2024-23859
creationtimestamp| type| source ---|---|--- 2024-01-26 10:31:28+00:00| seen| https://t.me/ctinow/174115 2024-02-19 15:26:41+00:00| seen| https://t.me/ctinow/187750...
CVE-2024-23859
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/taxstructurelinecreate.php, in the flatamount parameter. Exploitation of this...
CVE-2024-23859 Cross-Site Scripting (XSS) vulnerability in Cups Easy
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/taxstructurelinecreate.php, in the flatamount parameter. Exploitation of this...
CVE-2024-23859
CVE-2024-23859 affects Cups Easy (Purchase & Inventory) v1.0. The XSS flaw arises from insufficient encoding in the flatamount parameter of /cupseasylive/taxstructurelinecreate.php. A remote attacker could lure an authenticated user to a crafted URL and potentially steal session cookies (impactin...