MEDIUM
Phreesoft
CVE published 2017-02-15
CVE-2017-5990
CVE-2017-5990 is a cross-site scripting flaw in PhreeBooksERP affecting the UPS and YRC label manager js_include.php endpoints. The issue comes from insufficient filtering of user-supplied data in the "form" GET parameter, allowing script execution in a victim’s browser in the context of the vulnerable site.