CVE-2025-61550

Medium CVSS: 5.4

Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). User-supplied input is stored and later rendered in HTML pages without proper output encoding or sanitization. This allows attackers to persistently inject arbitrary JavaScript that executes in the context of other users' sessions

Vendor

Edubusinesssolutions

Product

Print Shop Pro Webdesk

CWE

CWE-79

Yayın Tarihi

2026-01-08 17:15:48

Güncelleme

2026-02-10 18:16:20

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Print Shop Pro Webdesk MEDIUM Edubusinesssolutions 2026

Referanslar

https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2025-61550 https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2025-61550

Benzer Kayıtlar

Critical

CVE-2026-26725

An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 allows a remote attacker to escalate privileges via th…

Critical

CVE-2025-61546

There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro W…

Medium

CVE-2025-61547

Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 1…

Critical

CVE-2025-61548

SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpo…

Medium

CVE-2025-61549

Cross-Site Scripting (XSS) is present on the LoginID parameter on the /PSP/app/web/reg/reg_display.asp endpoint in edu B…