94 matches found
Cross site scripting
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/locationcreate.php, in the locationid parameter. Exploitation of this vulnerabilit...
CVE-2024-23895 Cross-Site Scripting (XSS) vulnerability in Cups Easy
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/locationcreate.php, in the locationid parameter. Exploitation of this vulnerabilit...
CVE-2024-23895
Cups Easy (Purchase & Inventory) v1.0 has an XSS in /cupseasylive/locationcreate.php (locationid) due to insufficient input encoding. Exploitation could steal an authenticated user’s session cookies; no public exploit details are provided in the supplied documents, and remediation is not specified.
CVE-2024-23894
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/stockissuancecreate.php, in the issuancedate parameter. Exploitation of this...
CVE-2024-23891
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/itemcreate.php, in the itemid parameter. Exploitation of this vulnerability could...
CVE-2024-23891
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/itemcreate.php, in the itemid parameter. Exploitation of this vulnerability could...
Cross site scripting
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/stockissuancecreate.php, in the issuancedate parameter. Exploitation of this...
Cross site scripting
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/costcentermodify.php, in the costcenterid parameter. Exploitation of this...
Cross site scripting
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/itempopup.php, in the description parameter. Exploitation of this vulnerability...
CVE-2024-23896
CVE-2024-23896 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by insufficient encoding of user-controlled inputs in the batchno parameter of /cupseasylive/stock.php, enabling an attacker to craft a URL that could steal session cookies ...
CVE-2024-23894 Cross-Site Scripting (XSS) vulnerability in Cups Easy
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/stockissuancecreate.php, in the issuancedate parameter. Exploitation of this...
CVE-2024-23894
CVE-2024-23894 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the issuancedate parameter of the /cupseasylive/stockissuancecreate.php endpoint, caused by insufficient encoding of user-controlled input. Impact described in sources: an authe...
CVE-2024-23893
CVE-2024-23893 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the costcenterid parameter of /cupseasylive/costcentermodify.php caused by insufficient encoding. An attacker could lure an authenticated user to click a crafted URL, potentiall...
CVE-2024-23892
CVE-2024-23892 affects Cups Easy (Purchase & Inventory) 1.0. The vulnerability is a cross-site scripting flaw in the costcenterid parameter of /cupseasylive/costcentercreate.php, caused by insufficient encoding. An attacker could craft a URL to an authenticated user and potentially steal session ...
CVE-2024-23891
Cups Easy (Purchase & Inventory) version 1.0 is affected by an XSS in the /cupseasylive/itemcreate.php endpoint, via the itemid parameter, caused by insufficient input encoding. An attacker could entice an authenticated user to visit a crafted URL, potentially allowing theft of session cookies. P...
CVE-2024-23890
CVE-2024-23890 concerns Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross‑Site Scripting (XSS) flaw caused by insufficient encoding of the description parameter in the page /cupseasylive/itempopup.php, allowing an attacker to craft a URL that, when opened by an authenticated use...
CVE-2024-23890 Cross-Site Scripting (XSS) vulnerability in Cups Easy
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/itempopup.php, in the description parameter. Exploitation of this vulnerability...
CVE-2024-23885
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/countrymodify.php, in the countryid parameter. Exploitation of this vulnerability...
CVE-2024-23879
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/statemodify.php, in the description parameter. Exploitation of this vulnerability...
CVE-2024-23875
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/stockissuancedisplay.php, in the issuanceno parameter. Exploitation of this...