CVE-2024-23874

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/companymodify.php, in the address1 parameter. Exploitation of this vulnerability...

PT-2024-20143 · Cups Easy · Cups Easy

Name of the Vulnerable Software and Affected Versions: Cups Easy Purchase & Inventory version 1.0 Description: A Cross-Site Scripting XSS issue has been reported due to insufficient encoding of user-controlled inputs. This issue can be exploited via the "/cupseasylive/companymodify.php" API...

Cross site scripting

A stored cross-site scripting XSS vulnerability was identified in Apperta Foundation OpenEyes 3.5.1. Updating a patient's details allows remote attackers to inject arbitrary web script or HTML via the Address1 parameter. This JavaScript then executes when the patient profile is loaded, which coul...

Apperta Foundation OpenEyes 跨站脚本漏洞

Apperta Foundation OpenEyes is an open source electronic medical record ERP from the Apperta Foundation. A security vulnerability in Apperta Foundation OpenEyes 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the Address1 parameter...

UBUNTU-CVE-2021-3298

Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter...

CVE-2021-3298

Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter...