Lucene search
K

4 matches found

Circl
Circl
added 2024/01/26 10:31 a.m.4 views

CVE-2024-23859

creationtimestamp| type| source ---|---|--- 2024-01-26 10:31:28+00:00| seen| https://t.me/ctinow/174115 2024-02-19 15:26:41+00:00| seen| https://t.me/ctinow/187750...

8.2CVSS6.1AI score0.00437EPSS
Exploits0References2
NVD
NVD
added 2024/01/26 9:15 a.m.13 views

CVE-2024-23859

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/taxstructurelinecreate.php, in the flatamount parameter. Exploitation of this...

8.2CVSS7.2AI score0.00437EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/01/26 9:5 a.m.2 views

CVE-2024-23859 Cross-Site Scripting (XSS) vulnerability in Cups Easy

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/taxstructurelinecreate.php, in the flatamount parameter. Exploitation of this...

8.2CVSS5.8AI score0.00437EPSS
Exploits0References1
CVE
CVE
added 2024/01/26 9:5 a.m.49 views

CVE-2024-23859

CVE-2024-23859 affects Cups Easy (Purchase & Inventory) v1.0. The XSS flaw arises from insufficient encoding in the flatamount parameter of /cupseasylive/taxstructurelinecreate.php. A remote attacker could lure an authenticated user to a crafted URL and potentially steal session cookies (impactin...

8.2CVSS5.8AI score0.00437EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder