8 matches found
EUVD-2020-23336
Malware in sbrugna...
EUVD-2020-27731
Malware in sbrugna...
BigProf Online Invoicing System Cross-Site Scripting Vulnerability
BigProf Online Invoicing System OIS is an online invoicing system. A cross-site scripting vulnerability exists in BigProf Online Invoicing System version 2.6, which originates from a cross-site scripting vulnerability in the FirstRecord parameter of /invoicing/app/clientsview.php...
PT-2023-32662 · Unknown · Bigprof Online Invoicing System
Name of the Vulnerable Software and Affected Versions: BigProf Online Invoicing System version 2.6 Description: A vulnerability has been discovered in the system, which does not sufficiently encode user-controlled input, resulting in persistent XSS through the "/inventory/items view.php" API...
BigProf Online Invoicing System Cross-Site Scripting Vulnerability
BigProf Online Invoicing System OIS is an online invoicing system. A cross-site scripting vulnerability exists in BigProf Online Invoicing System version 3.2, which stems from a cross-site scripting vulnerability in the FirstRecord parameter of /inventory/categoriesview.php...
BigProf Online Invoicing System Cross-Site Scripting Vulnerability
BigProf Online Invoicing System OIS is an online invoicing system. A cross-site scripting vulnerability exists in BigProf Online Invoicing System version 3.2, which stems from a cross-site scripting vulnerability in the FirstRecord parameter of /inventory/itemsview.php...
BigProf Online Invoicing System Cross-Site Scripting Vulnerability
BigProf Online Invoicing System OIS is an online invoicing system. A cross-site scripting vulnerability exists in BigProf Online Invoicing System version 2.6, which originates from a cross-site scripting vulnerability in the FirstRecord parameter of /invoicing/app/itemsview.php...
PT-2020-17385 · Bigprof · Bigprof Online Invoicing System
Name of the Vulnerable Software and Affected Versions: BigProf Online Invoicing System versions prior to 3.0 Description: The issue concerns a lack of CSRF protection in the "admin/pageTransferOwnership.php" endpoint, allowing an attacker to escalate privileges to Administrator and take over the...