5 matches found
CVE-2023-6434
| creationtimestamp | type | source |
|---|---|---|
| 2023-12-21 08:02:55+00:00 | seen | https://t.me/ctinow/157517... |
CVE-2023-6434
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/sections_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...
CVE-2023-6434
BigProf Online Invoicing System (version 2.6) contains a persistent XSS vulnerability in the FirstRecord parameter of the /inventory/sections_view.php endpoint due to insufficient input encoding. The issue affects the inventory view API endpoint (FirstRecord parameter) and can allow storing malic...
CVE-2023-6434 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/sections_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...
Oracle Linux 9 : frr (ELSA-2023-6434)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6434 advisory. 8.3.1-11 - Resolves: RHEL-2263 - bgpd: Do not explicitly print MAXTTL value for ebgp-multihop vty output 8.3.1-10 - Related: 2216912 - adding sysadmin ...