3 matches found
CVE-2024-23875
creationtimestamp| type| source ---|---|--- 2024-01-26 11:26:59+00:00| seen| https://t.me/ctinow/174154 2024-02-19 14:51:39+00:00| seen| https://t.me/ctinow/187708...
CVE-2024-23875 Cross-Site Scripting (XSS) vulnerability in Cups Easy
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/stockissuancedisplay.php, in the issuanceno parameter. Exploitation of this...
CVE-2024-23875
CVE-2024-23875 affects Cups Easy (Purchase & Inventory) 1.0, with a Cross-Site Scripting vulnerability in the issuanceno parameter of /cupseasylive/stockissuancedisplay.php. The root cause is insufficient encoding/escaping of user-controlled input, allowing an attacker to craft a URL that, when v...