Lucene search
K
AjaysharmaCups Easy

42 matches found

CVE
CVE
added 2024/01/26 9:16 a.m.71 views

CVE-2024-23881

CVE-2024-23881 affects Cups Easy (Purchase & Inventory) version 1.0. The issue is a Cross-Site Scripting (XSS) vulnerability in the description parameter of the /cupseasylive/statelist.php endpoint, caused by insufficient encoding of user-controlled inputs. An attacker could craft a URL that, whe...

8.2CVSS5.8AI score0.00437EPSS
Web
CVE
CVE
added 2024/01/26 9:17 a.m.69 views

CVE-2024-23884

CVE-2024-23884 affects Cups Easy (Purchase & Inventory) version 1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the grndate parameter of /cupseasylive/grnmodify.php caused by insufficient encoding. This can allow an authenticated user to be targeted by a crafted URL, potentially ex...

8.2CVSS5.8AI score0.00398EPSS
Web
CVE
CVE
added 2024/01/26 9:19 a.m.68 views

CVE-2024-23889

Cups Easy (Purchase & Inventory) version 1.0 contains a Cross-Site Scripting (XSS) flaw in the /cupseasylive/itemgroupcreate.php endpoint, caused by insufficient encoding of the itemgroupid parameter. An attacker can lure an authenticated user to click a crafted URL, potentially exfiltrating cook...

8.2CVSS5.8AI score0.00436EPSS
Web
CVE
CVE
added 2024/01/26 9:18 a.m.67 views

CVE-2024-23888

CVE-2024-23888 affects Cups Easy (Purchase & Inventory) version 1.0. The vulnerability is a stored/reflected XSS in the itemidy parameter of /cupseasylive/stocktransactionslist.php, potentially allowing a remote attacker to lure an authenticated user to a crafted URL and steal session cookies. Co...

8.2CVSS5.8AI score0.00398EPSS
Web
CVE
CVE
added 2024/01/26 9:17 a.m.64 views

CVE-2024-23883

CVE-2024-23883 affects Cups Easy (Purchase & Inventory) v1.0. The XSS vulnerability arises from insufficient encoding of user-controlled input in the description parameter of /cupseasylive/taxstructuremodify.php, allowing a remote attacker to craft a URL that, when visited by an authenticated use...

8.2CVSS5.8AI score0.00436EPSS
Web
CVE
CVE
added 2024/01/26 10:18 a.m.64 views

CVE-2024-23894

CVE-2024-23894 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the issuancedate parameter of the /cupseasylive/stockissuancecreate.php endpoint, caused by insufficient encoding of user-controlled input. Impact described in sources: an authe...

8.2CVSS5.8AI score0.00437EPSS
Web
CVE
CVE
added 2024/01/26 10:18 a.m.63 views

CVE-2024-23896

CVE-2024-23896 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by insufficient encoding of user-controlled inputs in the batchno parameter of /cupseasylive/stock.php, enabling an attacker to craft a URL that could steal session cookies ...

8.2CVSS5.8AI score0.00489EPSS
Web
CVE
CVE
added 2024/01/26 9:18 a.m.62 views

CVE-2024-23886

CVE-2024-23886 affects Cups Easy (Purchase & Inventory) v1.0. The bin card info (bincardinfo) parameter on /cupseasylive/itemmodify.php is insufficiently encoded, enabling an XSS vulnerability. Exploitation could allow an attacker to lure an authenticated user with a crafted URL to steal session ...

8.2CVSS5.8AI score0.00436EPSS
Web
CVE
CVE
added 2024/01/26 9:15 a.m.61 views

CVE-2024-23879

CVE-2024-23879 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability arises from insufficient encoding/escaping of user-controlled input in the description parameter of /cupseasylive/statemodify.php, enabling Cross-Site Scripting (XSS). An (authenticated) attacker could lure a user to ...

8.2CVSS5.8AI score0.00399EPSS
Web
CVE
CVE
added 2024/01/26 9:9 a.m.60 views

CVE-2024-23868

CVE-2024-23868 affects Cups Easy (Purchase & Inventory) version 1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by insufficient encoding of inputs on the /cupseasylive/grnlist.php page, specifically the deleted parameter. This could allow an authenticated attacker to lure a use...

8.2CVSS5.8AI score0.00399EPSS
Web
CVE
CVE
added 2024/01/26 9:18 a.m.60 views

CVE-2024-23885

CVE-2024-23885 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in /cupseasylive/countrymodify.php, caused by insufficient encoding of the countryid input. An attacker could lure an authenticated user to open a specially crafted URL and potenti...

8.2CVSS5.8AI score0.00436EPSS
Web
CVE
CVE
added 2024/01/26 9:14 a.m.59 views

CVE-2024-23877

CVE-2024-23877 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the currencyid parameter of /cupseasylive/currencycreate.php due to insufficient encoding, enabling an authenticated user to be targeted via a crafted URL and potentially have t...

8.2CVSS5.8AI score0.00437EPSS
Web
CVE
CVE
added 2024/01/26 9:8 a.m.57 views

CVE-2024-23867

CVE-2024-23867 affects Cups Easy (Purchase & Inventory) 1.0, where user-controlled input in the stateid parameter of /cupseasylive/statecreate.php is not sufficiently encoded, enabling a Cross-Site Scripting (XSS) vulnerability. The vulnerability could allow a remote attacker to deliver a crafted...

8.2CVSS5.8AI score0.00437EPSS
Web
CVE
CVE
added 2024/01/26 10:17 a.m.57 views

CVE-2024-23893

CVE-2024-23893 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the costcenterid parameter of /cupseasylive/costcentermodify.php caused by insufficient encoding. An attacker could lure an authenticated user to click a crafted URL, potentiall...

8.2CVSS5.8AI score0.00437EPSS
Web
CVE
CVE
added 2024/02/02 9:18 a.m.57 views

CVE-2024-23895

Cups Easy (Purchase & Inventory) v1.0 has an XSS in /cupseasylive/locationcreate.php (locationid) due to insufficient input encoding. Exploitation could steal an authenticated user’s session cookies; no public exploit details are provided in the supplied documents, and remediation is not specified.

8.2CVSS5.8AI score0.00499EPSS
Web
CVE
CVE
added 2024/01/26 9:13 a.m.56 views

CVE-2024-23875

CVE-2024-23875 affects Cups Easy (Purchase & Inventory) 1.0, with a Cross-Site Scripting vulnerability in the issuanceno parameter of /cupseasylive/stockissuancedisplay.php. The root cause is insufficient encoding/escaping of user-controlled input, allowing an attacker to craft a URL that, when v...

8.2CVSS5.8AI score0.00437EPSS
Web
CVE
CVE
added 2024/01/26 10:16 a.m.56 views

CVE-2024-23891

Cups Easy (Purchase & Inventory) version 1.0 is affected by an XSS in the /cupseasylive/itemcreate.php endpoint, via the itemid parameter, caused by insufficient input encoding. An attacker could entice an authenticated user to visit a crafted URL, potentially allowing theft of session cookies. P...

8.2CVSS5.8AI score0.00437EPSS
Web
CVE
CVE
added 2024/01/26 9:6 a.m.55 views

CVE-2024-23861

Cups Easy (Purchase & Inventory) 1.0 is vulnerable to a Cross‑Site Scripting (XSS) flaw in the endpoint /cupseasylive/unitofmeasurementcreate.php , via the unitofmeasurementid parameter. The issue arises from insufficient encoding of user‑controlled input, enabling an attacker to lure an authenti...

8.2CVSS5.8AI score0.00437EPSS
Web
CVE
CVE
added 2024/01/26 9:9 a.m.55 views

CVE-2024-23870

Cups Easy (Purchase & Inventory) v1.0 is affected by an XSS in the delete parameter of /cupseasylive/stockissuancelist.php. The vulnerability stems from insufficient encoding of user-controlled input, allowing a remote attacker to lure an authenticated user to a crafted URL and potentially steal ...

8.2CVSS5.8AI score0.00437EPSS
Web
CVE
CVE
added 2024/01/26 9:7 a.m.54 views

CVE-2024-23864

CVE-2024-23864 concerns Cups Easy (Purchase & Inventory) version 1.0, where the vulnerable component is the description parameter processed by the endpoint "/cupseasylive/countrylist.php". The root cause is insufficient encoding/escaping of user-controlled input, enabling a Cross-Site Scripting (...

8.2CVSS5.8AI score0.00437EPSS
Web
CVE
CVE
added 2024/01/26 9:18 a.m.54 views

CVE-2024-23887

CVE-2024-23887 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross-Site Scripting (XSS) in the grndate parameter of /cupseasylive/grncreate.php, caused by insufficient encoding of user-controlled input. It could allow a remote attacker to craft a URL sent to an authenticat...

8.2CVSS5.8AI score0.00436EPSS
Web
CVE
CVE
added 2024/01/26 9:4 a.m.53 views

CVE-2024-23857

CVE-2024-23857 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the batchno parameter of /cupseasylive/grnlinecreate.php caused by insufficient encoding of user-controlled input. Exploitation could allow a remote attacker to lure an authenti...

8.2CVSS5.8AI score0.00399EPSS
Web
CVE
CVE
added 2024/01/26 9:9 a.m.53 views

CVE-2024-23869

CVE-2024-23869 affects Cups Easy (Purchase & Inventory) v1.0, with a Cross-Site Scripting (XSS) vulnerability stemming from insufficient encoding of user-controlled input in the issuanceno parameter of /cupseasylive/stockissuanceprint.php. An attacker could entice an authenticated user to open a ...

8.2CVSS5.8AI score0.00437EPSS
Web
CVE
CVE
added 2024/01/25 2:9 p.m.51 views

CVE-2024-23855

CVE-2024-23855 affects Cups Easy (Purchase & Inventory) version 1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by insufficient encoding of user-controlled inputs in multiple parameters, reachable via /cupseasylive/taxcodemodify.php. Exploitation could allow an attacker to lure...

8.2CVSS5.8AI score0.00399EPSS
CVE
CVE
added 2024/01/26 9:13 a.m.51 views

CVE-2024-23876

CVE-2024-23876 affects Cups Easy (Purchase & Inventory) version 1.0. The vulnerability is a Cross‑Site Scripting (XSS) flaw caused by insufficient escaping/encoding of the input in the description parameter of the endpoint /cupseasylive/taxstructurecreate.php . An attacker could craft a URL that,...

8.2CVSS5.8AI score0.00437EPSS
Web
CVE
CVE
added 2024/01/26 9:14 a.m.51 views

CVE-2024-23878

CVE-2024-23878 affects Cups Easy (Purchase & Inventory) version 1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by insufficient encoding of user-controlled input in the grnno parameter of /cupseasylive/grnprint.php. An attacker could entice an authenticated user to click a craf...

8.2CVSS5.8AI score0.00399EPSS
Web
CVE
CVE
added 2024/01/26 10:16 a.m.51 views

CVE-2024-23890

CVE-2024-23890 concerns Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross‑Site Scripting (XSS) flaw caused by insufficient encoding of the description parameter in the page /cupseasylive/itempopup.php, allowing an attacker to craft a URL that, when opened by an authenticated use...

8.2CVSS5.8AI score0.00398EPSS
Web
CVE
CVE
added 2024/01/26 10:17 a.m.51 views

CVE-2024-23892

CVE-2024-23892 affects Cups Easy (Purchase & Inventory) 1.0. The vulnerability is a cross-site scripting flaw in the costcenterid parameter of /cupseasylive/costcentercreate.php, caused by insufficient encoding. An attacker could craft a URL to an authenticated user and potentially steal session ...

8.2CVSS5.8AI score0.00399EPSS
Web
CVE
CVE
added 2024/01/26 9:5 a.m.50 views

CVE-2024-23859

CVE-2024-23859 affects Cups Easy (Purchase & Inventory) v1.0. The XSS flaw arises from insufficient encoding in the flatamount parameter of /cupseasylive/taxstructurelinecreate.php. A remote attacker could lure an authenticated user to a crafted URL and potentially steal session cookies (impactin...

8.2CVSS5.8AI score0.00437EPSS
Web
CVE
CVE
added 2024/01/26 9:16 a.m.49 views

CVE-2024-23880

CVE-2024-23880 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is an XSS in the /cupseasylive/taxcodelist.php endpoint, caused by insufficient encoding of the description parameter. An attacker could lure an authenticated user to a crafted URL and potentially capture session cred...

8.2CVSS5.8AI score0.00399EPSS
Web
CVE
CVE
added 2024/01/26 9:11 a.m.48 views

CVE-2024-23872

Cups Easy (Purchase & Inventory) version 1.0 is affected by a Cross-Site Scripting (XSS) vulnerability in the description parameter of the /cupseasylive/locationmodify.php endpoint. The issue arises from insufficient encoding of user-controlled inputs, allowing an attacker to craft a URL that, wh...

8.2CVSS5.8AI score0.00399EPSS
Web
CVE
CVE
added 2024/01/26 9:12 a.m.48 views

CVE-2024-23873

CVE-2024-23873 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is an XSS due to insufficient encoding of the currencyid parameter on /cupseasylive/currencymodify.php. An authenticated user could be targeted via a crafted URL to exfiltrate session cookies. Multiple sources (NVD, C...

8.2CVSS5.8AI score0.00437EPSS
Web
CVE
CVE
added 2024/01/26 9:3 a.m.47 views

CVE-2024-23856

CVE-2024-23856 affects Cups Easy (Purchase & Inventory) v1.0, where the description parameter on /cupseasylive/itemlist.php can be exploited through insufficient encoding of user input to trigger a Cross-Site Scripting (XSS) condition. The issue could allow an attacker, via a specially crafted UR...

8.2CVSS5.8AI score0.00399EPSS
Web
CVE
CVE
added 2024/01/26 9:6 a.m.47 views

CVE-2024-23862

CVE-2024-23862 affects Cups Easy (Purchase & Inventory) v1.0. The issue is a Cross-Site Scripting (XSS) flaw in the grnno parameter of /cupseasylive/grndisplay.php caused by insufficient encoding of user-supplied input. Exploitation could allow a remote attacker to deliver a crafted URL to an aut...

8.2CVSS5.8AI score0.00399EPSS
Web
CVE
CVE
added 2024/01/26 9:6 a.m.47 views

CVE-2024-23863

CVE-2024-23863 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is an XSS flaw in the description parameter of /cupseasylive/taxstructuredisplay.php, caused by insufficient encoding of user-controlled inputs. An attacker could lure an authenticated user to a crafted URL, potential...

8.2CVSS5.8AI score0.00437EPSS
Web
CVE
CVE
added 2024/01/26 9:5 a.m.46 views

CVE-2024-23860

CVE-2024-23860 affects Cups Easy (Purchase & Inventory) version 1.0. The vulnerability is a Cross-Site Scripting (XSS) in the description parameter of /cupseasylive/currencylist.php caused by insufficient encoding of user-controlled input. Exploitation could allow a remote attacker to lure an aut...

8.2CVSS5.8AI score0.00437EPSS
Web
CVE
CVE
added 2024/01/26 9:17 a.m.46 views

CVE-2024-23882

CVE-2024-23882 : Cups Easy (Purchase & Inventory) v1.0 contains an XSS vulnerability in the taxcodeid parameter of the /cupseasylive/taxcodecreate.php endpoint due to insufficient input encoding. Exploitation could allow a remote attacker to lure an authenticated user to a crafted URL and steal s...

8.2CVSS5.8AI score0.00437EPSS
Web
CVE
CVE
added 2024/01/26 9:8 a.m.45 views

CVE-2024-23866

CVE-2024-23866 affects Cups Easy (Purchase & Inventory) version 1.0. The XSS vulnerability arises from insufficient encoding/escaping of the countryid parameter in /cupseasylive/countrycreate.php, enabling a remote attacker to lure an authenticated user with a crafted URL and steal session cookie...

8.2CVSS5.8AI score0.00399EPSS
Web
CVE
CVE
added 2024/01/26 9:7 a.m.44 views

CVE-2024-23865

CVE-2024-23865 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross‑Site Scripting (XSS) flaw caused by insufficient encoding in the description parameter of the endpoint "/cupseasylive/taxstructurelist.php". An attacker could lure an authenticated user to click a crafted U...

8.2CVSS5.8AI score0.00437EPSS
Web
CVE
CVE
added 2024/01/26 9:13 a.m.44 views

CVE-2024-23874

CVE-2024-23874 affects Cups Easy (Purchase & Inventory) v1.0. A Cross-Site Scripting (XSS) flaw exists in the address1 parameter of /cupseasylive/companymodify.php caused by insufficient encoding of user-controlled input. This could allow a remote attacker to entice an authenticated user to visit...

8.2CVSS5.8AI score0.00399EPSS
Web
CVE
CVE
added 2024/01/26 9:11 a.m.42 views

CVE-2024-23871

CVE-2024-23871 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by insufficient encoding of user-controlled inputs in the description parameter of /cupseasylive/unitofmeasurementmodify.php. Underlying root cause is the lack of proper esc...

8.2CVSS5.8AI score0.00437EPSS
Web
CVE
CVE
added 2024/01/26 9:4 a.m.38 views

CVE-2024-23858

CVE-2024-23858 concerns Cups Easy (Purchase & Inventory) v1.0, where the batchno parameter in the /cupseasylive/stockissuancelinecreate.php endpoint is not sufficiently encoded, enabling a Cross-Site Scripting (XSS) vulnerability. The flaw could allow a remote attacker to lure an authenticated us...

8.2CVSS5.8AI score0.00437EPSS
Web