CVE-2024-23858
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-23858 is a newly reported vulnerability in Cups Easy (Purchase & Inventory), version 1.0. This issue arises due to insufficient encoding of user-controlled inputs, leading to a Cross-Site Scripting (XSS) vulnerability. The vulnerability can be exploited through the batchno parameter in the /cupseasylive/stockissuancelinecreate.php file. A remote attacker can take advantage of this flaw by sending a malicious URL to an authenticated user, potentially stealing their session cookie credentials. Users are advised to upgrade to a secure version of the software to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.