High severity · 8.2 · NVD Advisory · Published Jan 26, 2024 · Updated Jun 17, 2026
CVE-2024-23857
Description
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, in which user-controlled input is not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability in the batchno parameter of /cupseasylive/grnlinecreate.php. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.
Affected products
- (no CPE) range: = 1.0
- (no CPE) range: 1.0
References
- www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy (NVD, Third Party Advisory)