CVE-2024-23880
CVE-2024-23880 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is an XSS in the /cupseasylive/taxcodelist.php endpoint, caused by insufficient encoding of the description parameter. An attacker could lure an authenticated user to a crafted URL and potentially capture session cred...