42 matches found
CVE-2024-23881
CVE-2024-23881 affects Cups Easy (Purchase & Inventory) version 1.0. The issue is a Cross-Site Scripting (XSS) vulnerability in the description parameter of the /cupseasylive/statelist.php endpoint, caused by insufficient encoding of user-controlled inputs. An attacker could craft a URL that, whe...
CVE-2024-23884
CVE-2024-23884 affects Cups Easy (Purchase & Inventory) version 1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the grndate parameter of /cupseasylive/grnmodify.php caused by insufficient encoding. This can allow an authenticated user to be targeted by a crafted URL, potentially ex...
CVE-2024-23889
Cups Easy (Purchase & Inventory) version 1.0 contains a Cross-Site Scripting (XSS) flaw in the /cupseasylive/itemgroupcreate.php endpoint, caused by insufficient encoding of the itemgroupid parameter. An attacker can lure an authenticated user to click a crafted URL, potentially exfiltrating cook...
CVE-2024-23888
CVE-2024-23888 affects Cups Easy (Purchase & Inventory) version 1.0. The vulnerability is a stored/reflected XSS in the itemidy parameter of /cupseasylive/stocktransactionslist.php, potentially allowing a remote attacker to lure an authenticated user to a crafted URL and steal session cookies. Co...
CVE-2024-23883
CVE-2024-23883 affects Cups Easy (Purchase & Inventory) v1.0. The XSS vulnerability arises from insufficient encoding of user-controlled input in the description parameter of /cupseasylive/taxstructuremodify.php, allowing a remote attacker to craft a URL that, when visited by an authenticated use...
CVE-2024-23894
CVE-2024-23894 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the issuancedate parameter of the /cupseasylive/stockissuancecreate.php endpoint, caused by insufficient encoding of user-controlled input. Impact described in sources: an authe...
CVE-2024-23896
CVE-2024-23896 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by insufficient encoding of user-controlled inputs in the batchno parameter of /cupseasylive/stock.php, enabling an attacker to craft a URL that could steal session cookies ...
CVE-2024-23886
CVE-2024-23886 affects Cups Easy (Purchase & Inventory) v1.0. The bin card info (bincardinfo) parameter on /cupseasylive/itemmodify.php is insufficiently encoded, enabling an XSS vulnerability. Exploitation could allow an attacker to lure an authenticated user with a crafted URL to steal session ...
CVE-2024-23879
CVE-2024-23879 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability arises from insufficient encoding/escaping of user-controlled input in the description parameter of /cupseasylive/statemodify.php, enabling Cross-Site Scripting (XSS). An (authenticated) attacker could lure a user to ...
CVE-2024-23868
CVE-2024-23868 affects Cups Easy (Purchase & Inventory) version 1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by insufficient encoding of inputs on the /cupseasylive/grnlist.php page, specifically the deleted parameter. This could allow an authenticated attacker to lure a use...
CVE-2024-23885
CVE-2024-23885 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in /cupseasylive/countrymodify.php, caused by insufficient encoding of the countryid input. An attacker could lure an authenticated user to open a specially crafted URL and potenti...
CVE-2024-23877
CVE-2024-23877 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the currencyid parameter of /cupseasylive/currencycreate.php due to insufficient encoding, enabling an authenticated user to be targeted via a crafted URL and potentially have t...
CVE-2024-23867
CVE-2024-23867 affects Cups Easy (Purchase & Inventory) 1.0, where user-controlled input in the stateid parameter of /cupseasylive/statecreate.php is not sufficiently encoded, enabling a Cross-Site Scripting (XSS) vulnerability. The vulnerability could allow a remote attacker to deliver a crafted...
CVE-2024-23893
CVE-2024-23893 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the costcenterid parameter of /cupseasylive/costcentermodify.php caused by insufficient encoding. An attacker could lure an authenticated user to click a crafted URL, potentiall...
CVE-2024-23895
Cups Easy (Purchase & Inventory) v1.0 has an XSS in /cupseasylive/locationcreate.php (locationid) due to insufficient input encoding. Exploitation could steal an authenticated user’s session cookies; no public exploit details are provided in the supplied documents, and remediation is not specified.
CVE-2024-23875
CVE-2024-23875 affects Cups Easy (Purchase & Inventory) 1.0, with a Cross-Site Scripting vulnerability in the issuanceno parameter of /cupseasylive/stockissuancedisplay.php. The root cause is insufficient encoding/escaping of user-controlled input, allowing an attacker to craft a URL that, when v...
CVE-2024-23891
Cups Easy (Purchase & Inventory) version 1.0 is affected by an XSS in the /cupseasylive/itemcreate.php endpoint, via the itemid parameter, caused by insufficient input encoding. An attacker could entice an authenticated user to visit a crafted URL, potentially allowing theft of session cookies. P...
CVE-2024-23861
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to a Cross‑Site Scripting (XSS) flaw in the endpoint /cupseasylive/unitofmeasurementcreate.php , via the unitofmeasurementid parameter. The issue arises from insufficient encoding of user‑controlled input, enabling an attacker to lure an authenti...
CVE-2024-23870
Cups Easy (Purchase & Inventory) v1.0 is affected by an XSS in the delete parameter of /cupseasylive/stockissuancelist.php. The vulnerability stems from insufficient encoding of user-controlled input, allowing a remote attacker to lure an authenticated user to a crafted URL and potentially steal ...
CVE-2024-23864
CVE-2024-23864 concerns Cups Easy (Purchase & Inventory) version 1.0, where the vulnerable component is the description parameter processed by the endpoint "/cupseasylive/countrylist.php". The root cause is insufficient encoding/escaping of user-controlled input, enabling a Cross-Site Scripting (...
CVE-2024-23887
CVE-2024-23887 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross-Site Scripting (XSS) in the grndate parameter of /cupseasylive/grncreate.php, caused by insufficient encoding of user-controlled input. It could allow a remote attacker to craft a URL sent to an authenticat...
CVE-2024-23857
CVE-2024-23857 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the batchno parameter of /cupseasylive/grnlinecreate.php caused by insufficient encoding of user-controlled input. Exploitation could allow a remote attacker to lure an authenti...
CVE-2024-23869
CVE-2024-23869 affects Cups Easy (Purchase & Inventory) v1.0, with a Cross-Site Scripting (XSS) vulnerability stemming from insufficient encoding of user-controlled input in the issuanceno parameter of /cupseasylive/stockissuanceprint.php. An attacker could entice an authenticated user to open a ...
CVE-2024-23855
CVE-2024-23855 affects Cups Easy (Purchase & Inventory) version 1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by insufficient encoding of user-controlled inputs in multiple parameters, reachable via /cupseasylive/taxcodemodify.php. Exploitation could allow an attacker to lure...
CVE-2024-23876
CVE-2024-23876 affects Cups Easy (Purchase & Inventory) version 1.0. The vulnerability is a Cross‑Site Scripting (XSS) flaw caused by insufficient escaping/encoding of the input in the description parameter of the endpoint /cupseasylive/taxstructurecreate.php . An attacker could craft a URL that,...
CVE-2024-23878
CVE-2024-23878 affects Cups Easy (Purchase & Inventory) version 1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by insufficient encoding of user-controlled input in the grnno parameter of /cupseasylive/grnprint.php. An attacker could entice an authenticated user to click a craf...
CVE-2024-23890
CVE-2024-23890 concerns Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross‑Site Scripting (XSS) flaw caused by insufficient encoding of the description parameter in the page /cupseasylive/itempopup.php, allowing an attacker to craft a URL that, when opened by an authenticated use...
CVE-2024-23892
CVE-2024-23892 affects Cups Easy (Purchase & Inventory) 1.0. The vulnerability is a cross-site scripting flaw in the costcenterid parameter of /cupseasylive/costcentercreate.php, caused by insufficient encoding. An attacker could craft a URL to an authenticated user and potentially steal session ...
CVE-2024-23859
CVE-2024-23859 affects Cups Easy (Purchase & Inventory) v1.0. The XSS flaw arises from insufficient encoding in the flatamount parameter of /cupseasylive/taxstructurelinecreate.php. A remote attacker could lure an authenticated user to a crafted URL and potentially steal session cookies (impactin...
CVE-2024-23880
CVE-2024-23880 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is an XSS in the /cupseasylive/taxcodelist.php endpoint, caused by insufficient encoding of the description parameter. An attacker could lure an authenticated user to a crafted URL and potentially capture session cred...
CVE-2024-23872
Cups Easy (Purchase & Inventory) version 1.0 is affected by a Cross-Site Scripting (XSS) vulnerability in the description parameter of the /cupseasylive/locationmodify.php endpoint. The issue arises from insufficient encoding of user-controlled inputs, allowing an attacker to craft a URL that, wh...
CVE-2024-23873
CVE-2024-23873 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is an XSS due to insufficient encoding of the currencyid parameter on /cupseasylive/currencymodify.php. An authenticated user could be targeted via a crafted URL to exfiltrate session cookies. Multiple sources (NVD, C...
CVE-2024-23856
CVE-2024-23856 affects Cups Easy (Purchase & Inventory) v1.0, where the description parameter on /cupseasylive/itemlist.php can be exploited through insufficient encoding of user input to trigger a Cross-Site Scripting (XSS) condition. The issue could allow an attacker, via a specially crafted UR...
CVE-2024-23862
CVE-2024-23862 affects Cups Easy (Purchase & Inventory) v1.0. The issue is a Cross-Site Scripting (XSS) flaw in the grnno parameter of /cupseasylive/grndisplay.php caused by insufficient encoding of user-supplied input. Exploitation could allow a remote attacker to deliver a crafted URL to an aut...
CVE-2024-23863
CVE-2024-23863 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is an XSS flaw in the description parameter of /cupseasylive/taxstructuredisplay.php, caused by insufficient encoding of user-controlled inputs. An attacker could lure an authenticated user to a crafted URL, potential...
CVE-2024-23860
CVE-2024-23860 affects Cups Easy (Purchase & Inventory) version 1.0. The vulnerability is a Cross-Site Scripting (XSS) in the description parameter of /cupseasylive/currencylist.php caused by insufficient encoding of user-controlled input. Exploitation could allow a remote attacker to lure an aut...
CVE-2024-23882
CVE-2024-23882 : Cups Easy (Purchase & Inventory) v1.0 contains an XSS vulnerability in the taxcodeid parameter of the /cupseasylive/taxcodecreate.php endpoint due to insufficient input encoding. Exploitation could allow a remote attacker to lure an authenticated user to a crafted URL and steal s...
CVE-2024-23866
CVE-2024-23866 affects Cups Easy (Purchase & Inventory) version 1.0. The XSS vulnerability arises from insufficient encoding/escaping of the countryid parameter in /cupseasylive/countrycreate.php, enabling a remote attacker to lure an authenticated user with a crafted URL and steal session cookie...
CVE-2024-23865
CVE-2024-23865 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross‑Site Scripting (XSS) flaw caused by insufficient encoding in the description parameter of the endpoint "/cupseasylive/taxstructurelist.php". An attacker could lure an authenticated user to click a crafted U...
CVE-2024-23874
CVE-2024-23874 affects Cups Easy (Purchase & Inventory) v1.0. A Cross-Site Scripting (XSS) flaw exists in the address1 parameter of /cupseasylive/companymodify.php caused by insufficient encoding of user-controlled input. This could allow a remote attacker to entice an authenticated user to visit...
CVE-2024-23871
CVE-2024-23871 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by insufficient encoding of user-controlled inputs in the description parameter of /cupseasylive/unitofmeasurementmodify.php. Underlying root cause is the lack of proper esc...
CVE-2024-23858
CVE-2024-23858 concerns Cups Easy (Purchase & Inventory) v1.0, where the batchno parameter in the /cupseasylive/stockissuancelinecreate.php endpoint is not sufficiently encoded, enabling a Cross-Site Scripting (XSS) vulnerability. The flaw could allow a remote attacker to lure an authenticated us...