7 matches found
Cross site scripting
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/countrycreate.php, in the countryid parameter. Exploitation of this vulnerability...
Cups Easy 1.0 - Cross Site Request Forgery (Password Reset) Vulnerability
Exploit for php platform in category web applications Title: Cups Easy 1.0 - Cross Site Request Forgery Password Reset Exploit Author: J3rryBl4nks Vendor Homepage: https://sourceforge.net/u/ajayshar76/profile/ Software Link: https://sourceforge.net/projects/cupseasy/files/cupseasylive-1.0/ Versio...
Cups Easy 1.0 - Cross Site Request Forgery (Password Reset)
Title: Cups Easy 1.0 - Cross Site Request Forgery Password Reset Date: 2020-01-28 Exploit Author: J3rryBl4nks Vendor Homepage: https://sourceforge.net/u/ajayshar76/profile/ Software Link: https://sourceforge.net/projects/cupseasy/files/cupseasylive-1.0/ Version: 1.0 Tested on Windows 10/Kali...
Cross site request forgery (csrf)
Cups Easy Purchase & Inventory 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php...
Cross site request forgery (csrf)
Cups Easy Purchase & Inventory 1.0 is vulnerable to CSRF that leads to admin account takeover via passwordmychange.php...
CVE-2020-8424
Cups Easy Purchase & Inventory 1.0 is vulnerable to CSRF that leads to admin account takeover via passwordmychange.php...
CVE-2020-8425
Cups Easy Purchase & Inventory 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php...