cbcvebase.

Edubusinesssolutions Print Shop Pro Webdesk vulnerabilities

6 known vulnerabilities affecting edubusinesssolutions/print_shop_pro_webdesk.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2025-61548P2CRITICALCVSS 9.8v18.342026-01-08
CVE-2025-61548 [CRITICAL] CWE-89 CVE-2025-61548: SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.asp SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping. This vulnerability allows remote at
nvd
CVE-2026-26725P2CRITICALCVSS 9.8v18.342026-02-20
CVE-2026-26725 [CRITICAL] CWE-269 CVE-2026-26725: An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 (fixed in 19.76) allows a remote a An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 (fixed in 19.76) allows a remote attacker to escalate privileges via the AccessID parameter.
nvd
CVE-2025-61546P3CRITICALCVSS 9.1v18.342026-01-08
CVE-2025-61546 [CRITICAL] CWE-20 CVE-2025-61546: There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Soluti There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69) that enables remote attacker to create financial discrepancies by purchasing items with a negative quantity. This vulnerability is possible due to reliance on client-side input validation cont
nvd
CVE-2025-61547P4MEDIUMCVSS 6.8v18.342026-01-08
CVE-2025-61547 [MEDIUM] CWE-352 CVE-2025-61547: Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop P Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.76). The application does not implement proper CSRF tokens or other other protective measures, allowing a remote attacker to trick authenticated users into unknowingly executing unintended actions within their ses
nvd
CVE-2025-61549P4MEDIUMCVSS 6.1v18.342026-01-08
CVE-2025-61549 [MEDIUM] CWE-79 CVE-2025-61549: Cross-Site Scripting (XSS) is present on the LoginID parameter on the /PSP/app/web/reg/reg_display.a Cross-Site Scripting (XSS) is present on the LoginID parameter on the /PSP/app/web/reg/reg_display.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.76). Unsanitized user input is reflected in HTTP responses without proper HTML encoding or escaping. This allows attackers to execute arbitrary JavaScript in the co
nvd
CVE-2025-61550P4MEDIUMCVSS 5.4v18.342026-01-08
CVE-2025-61550 [MEDIUM] CWE-79 CVE-2025-61550: Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNe Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). User-supplied input is stored and later rendered in HTML pages without proper output encoding or sanitization. This allows at
nvd
Edubusinesssolutions Print Shop Pro Webdesk vulnerabilities | cvebase