45 matches found
CVE-2024-2597
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /amssplus/modules/book/main/bookdetailschoolperson.php, in the 'bid' parameter. This vulnerability could allow a remote attacker to send a...
CVE-2024-2593
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /amssplus/modules/book/main/bookdetailgroup.php, in the 'bid' parameter. This vulnerability could allow a remote attacker to send a special...
CVE-2024-2598 Cross-Site Scripting (XSS) in AMSS++
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /amssplus/modules/book/main/selectsend2.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially...
CVE-2024-2597 Cross-Site Scripting (XSS) in AMSS++
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /amssplus/modules/book/main/bookdetailschoolperson.php, in the 'bid' parameter. This vulnerability could allow a remote attacker to send a...
CVE-2024-2596 Cross-Site Scripting (XSS) in AMSS++
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /amssplus/modules/mail/main/selectsend.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially...
CVE-2024-2596 Cross-Site Scripting (XSS) in AMSS++
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /amssplus/modules/mail/main/selectsend.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially...
CVE-2024-2594 Cross-Site Scripting (XSS) in AMSS++
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /amssplus/admin/index.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an...
Cross site scripting
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/locationcreate.php, in the locationid parameter. Exploitation of this vulnerabilit...
CVE-2024-23895 Cross-Site Scripting (XSS) vulnerability in Cups Easy
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/locationcreate.php, in the locationid parameter. Exploitation of this vulnerabilit...
CVE-2024-23896
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/stock.php, in the batchno parameter. Exploitation of this vulnerability could allo...
Cross site scripting
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/stockissuancecreate.php, in the issuancedate parameter. Exploitation of this...
Cross site scripting
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/stock.php, in the batchno parameter. Exploitation of this vulnerability could allo...
Cross site scripting
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/itempopup.php, in the description parameter. Exploitation of this vulnerability...
CVE-2024-23890
CVE-2024-23890 concerns Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross‑Site Scripting (XSS) flaw caused by insufficient encoding of the description parameter in the page /cupseasylive/itempopup.php, allowing an attacker to craft a URL that, when opened by an authenticated use...
CVE-2024-23882
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/taxcodecreate.php, in the taxcodeid parameter. Exploitation of this vulnerability...
CVE-2024-23871
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/unitofmeasurementmodify.php, in the description parameter. Exploitation of this...
Cross site scripting
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/itemgroupcreate.php, in the itemgroupid parameter. Exploitation of this...
Cross site scripting
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/taxstructurelist.php, in the description parameter. Exploitation of this...
Cross site scripting
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/countrycreate.php, in the countryid parameter. Exploitation of this vulnerability...
Cross site scripting
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/taxcodelist.php, in the description parameter. Exploitation of this vulnerability...