CVE-2026-26725
- EPSS 0.15%
- Veröffentlicht 20.02.2026 00:00:00
- Zuletzt bearbeitet 26.02.2026 21:32:14
An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 allows a remote attacker to escalate privileges via the AccessID parameter.
CVE-2025-61546
- EPSS 0.02%
- Veröffentlicht 08.01.2026 00:00:00
- Zuletzt bearbeitet 10.02.2026 18:16:19
There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69) that enables remote attacker to create financial discrepancies by purchasing items with a ne...
CVE-2025-61547
- EPSS 0.03%
- Veröffentlicht 08.01.2026 00:00:00
- Zuletzt bearbeitet 10.02.2026 18:16:19
Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.76). The application does not implement proper CSRF tokens or other other protective measures, allowing a remote...
CVE-2025-61548
- EPSS 0.14%
- Veröffentlicht 08.01.2026 00:00:00
- Zuletzt bearbeitet 10.02.2026 18:16:20
SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). Unsanitized user input is incorporated direct...
CVE-2025-61549
- EPSS 0.04%
- Veröffentlicht 08.01.2026 00:00:00
- Zuletzt bearbeitet 10.02.2026 18:16:20
Cross-Site Scripting (XSS) is present on the LoginID parameter on the /PSP/app/web/reg/reg_display.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.76). Unsanitized user input is reflected in HTTP responses wit...
CVE-2025-61550
- EPSS 0.03%
- Veröffentlicht 08.01.2026 00:00:00
- Zuletzt bearbeitet 10.02.2026 18:16:20
Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). User-supplied input is ...