Edubusinesssolutions

edubusinesssolutions

6 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Print Shop Pro Webdesk

print_shop_pro_webdesk

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-26725 1Edubusinesssolutions 1Print Shop Pro Webdesk May 14, 2026 Feb 20, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 (fixed in 19.76) allows a remote attacker to escalate privileges via the AccessID parameter.
CVE-2025-61550 1Edubusinesssolutions 1Print Shop Pro Webdesk Feb 10, 2026 Jan 8, 2026 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 1...Show more Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). User-supplied input is stored and later rendered in HTML pages without proper output encoding or sanitization. This allows attackers to persistently inject arbitrary JavaScript that executes in the context of other users' sessionsShow less
CVE-2025-61549 1Edubusinesssolutions 1Print Shop Pro Webdesk Feb 10, 2026 Jan 8, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-Site Scripting (XSS) is present on the LoginID parameter on the /PSP/app/web/reg/reg_display.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.76). Unsanitized user input is r...Show more Cross-Site Scripting (XSS) is present on the LoginID parameter on the /PSP/app/web/reg/reg_display.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.76). Unsanitized user input is reflected in HTTP responses without proper HTML encoding or escaping. This allows attackers to execute arbitrary JavaScript in the context of a victim s browser sessionShow less
CVE-2025-61548 1Edubusinesssolutions 1Print Shop Pro Webdesk Feb 10, 2026 Jan 8, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). Unsanitized use...Show more SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping. This vulnerability allows remote attackers to execute arbitrary SQL commandsShow less
CVE-2025-61547 1Edubusinesssolutions 1Print Shop Pro Webdesk Feb 10, 2026 Jan 8, 2026 N/A· v4 6.8 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.76). The application does not implement proper CSRF tokens or other other protecti...Show more Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.76). The application does not implement proper CSRF tokens or other other protective measures, allowing a remote attacker to trick authenticated users into unknowingly executing unintended actions within their session. This can lead to unauthorized data modification such as credential updates.Show less
CVE-2025-61546 1Edubusinesssolutions 1Print Shop Pro Webdesk Feb 10, 2026 Jan 8, 2026 N/A· v4 9.1 CRITICAL· v3 N/A· v2 There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69) that enables remote attacker to create financial discrepancies...Show more There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69) that enables remote attacker to create financial discrepancies by purchasing items with a negative quantity. This vulnerability is possible due to reliance on client-side input validation controls.Show less