53 matches found
CVE-2026-26725
An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 fixed in 19.76 allows a remote attacker to escalate privileges via the AccessID parameter...
CVE-2026-26725
An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 allows a remote attacker to escalate privileges via the AccessID parameter...
CVE-2026-26725
An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 fixed in 19.76 allows a remote attacker to escalate privileges via the AccessID parameter...
CVE-2026-26725
An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 fixed in 19.76 allows a remote attacker to escalate privileges via the AccessID parameter...
CVE-2026-26725
An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 fixed in 19.76 allows a remote attacker to escalate privileges via the AccessID parameter...
CVE-2026-26725
An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 allows a remote attacker to escalate privileges via the AccessID parameter...
PT-2026-21254
Name of the Vulnerable Software and Affected Versions edu Business Solutions Print Shop Pro WebDesk version 18.34 Description An issue allows a remote attacker to escalate privileges through the AccessID parameter. Recommendations Apply any available updates or patches for version 18.34. As a...
CVE-2026-26725
The advisory concerns CVE-2026-26725 in edu Business Solutions Print Shop Pro WebDesk v.18.34, where a remote attacker can escalate privileges via the AccessID parameter. The impact is described as total with high confidentiality, integrity, and availability impact (CVSS 3.1: 9.8, Network, Low at...
edu Business Solutions Print Shop Pro WebDesk 安全漏洞
edu Business Solutions Print Shop Pro WebDesk is a printing order management system developed by the American company edu Business Solutions. Version 18.34 of edu Business Solutions Print Shop Pro WebDesk contains a security vulnerability, which stems from improper handling of the AccessID...
CVE-2025-61550
Cross-Site Scripting XSS is present on the ctl00Content01fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 fixed in 19.69. User-supplied input is stored and later rendered in HTML pages without prope...
CVE-2025-61547
Cross-Site Request Forgery CSRF is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34 fixed in 19.76. The application does not implement proper CSRF tokens or other other protective measures, allowing a remote attacker to trick authenticated users into...
CVE-2025-61549
Cross-Site Scripting XSS is present on the LoginID parameter on the /PSP/app/web/reg/regdisplay.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 fixed in 19.76. Unsanitized user input is reflected in HTTP responses without proper HTML encoding or escaping. This allows...
CVE-2025-61547
Cross-Site Request Forgery CSRF is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34 fixed in 19.76. The application does not implement proper CSRF tokens or other other protective measures, allowing a remote attacker to trick authenticated users into...
CVE-2025-61549
Cross-Site Scripting XSS is present on the LoginID parameter on the /PSP/app/web/reg/regdisplay.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 fixed in 19.76. Unsanitized user input is reflected in HTTP responses without proper HTML encoding or escaping. This allows...
CVE-2025-61548
SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 fixed in 19.69. Unsanitized user input is incorporated directly into SQL queries without proper parameterizati...
CVE-2025-61550
Cross-Site Scripting XSS is present on the ctl00Content01fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 fixed in 19.69. User-supplied input is stored and later rendered in HTML pages without prope...
CVE-2025-61546
There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 fixed in 19.69 that enables remote attacker to create financial discrepancies by purchasing items with a negative quantity. This vulnerability is possible d...
CVE-2025-61546
There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 fixed in 19.69 that enables remote attacker to create financial discrepancies by purchasing items with a negative quantity. This vulnerability is possible d...
CVE-2025-61549
Cross-Site Scripting XSS is present on the LoginID parameter on the /PSP/app/web/reg/regdisplay.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 fixed in 19.76. Unsanitized user input is reflected in HTTP responses without proper HTML encoding or escaping. This allows...
CVE-2025-61548
SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 fixed in 19.69. Unsanitized user input is incorporated directly into SQL queries without proper parameterizati...