CVE-2024-23868
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Jan 26, 2024
Updated: Feb 15, 2024
CWE ID 79
Summary
CVE-2024-23868 is a newly reported vulnerability affecting Cups Easy (Purchase & Inventory) version 1.0. The issue involves insufficient encoding of user-controlled inputs, specifically in the /cupseasylive/grnlist.php file's deleted parameter. This vulnerability can be exploited through a Cross-Site Scripting (XSS) attack, allowing a remote attacker to craft and send a malicious URL to an authenticated user. Successful exploitation could result in the attacker gaining access to the victim's session cookie credentials.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share