180 matches found
Design/Logic Flaw
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/transactionsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user...
Design/Logic Flaw
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medicalrecordsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacki...
CVE-2023-6435 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/batchesview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...
CVE-2023-6435
CVE-2023-6435 affects BigProf Online Invoicing System 2.6. The vulnerability is a persistent XSS in the FirstRecord parameter of the endpoint "/inventory/batches_view.php" due to insufficient input encoding. Exploitation could allow an attacker to store and trigger JavaScript payloads when the pa...
CVE-2023-6434 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/sectionsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...
CVE-2023-6434
BigProf Online Invoicing System (version 2.6) contains a persistent XSS vulnerability in the FirstRecord parameter of the /inventory/sections_view.php endpoint due to insufficient input encoding. The issue affects the inventory view API endpoint (FirstRecord parameter) and can allow storing malic...
CVE-2023-6433 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/suppliersview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...
CVE-2023-6433 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/suppliersview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...
CVE-2023-6433
CVE-2023-6433 : In BigProf Online Invoicing System 2.6, the FirstRecord parameter of /inventory/suppliers_view.php does not sufficiently encode user-controlled input, allowing persistent XSS. Exploitation could enable an attacker to store JavaScript payloads that execute on page load. Connected s...
CVE-2023-6432 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to sto...
CVE-2023-6432 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to sto...
CVE-2023-6432
CVE-2023-6432 affects BigProf Online Invoicing System version 2.6. The vulnerability is a persistent cross-site scripting (XSS) flaw in the FirstRecord parameter of the "/inventory/items_view.php" endpoint, caused by insufficient encoding of user-controlled input. An attacker could store JavaScri...
CVE-2023-6431 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/categoriesview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user t...
CVE-2023-6431 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/categoriesview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user t...
CVE-2023-6431
BigProf Online Invoicing System 2.6 contains a persistent XSS flaw due to insufficient encoding of user-controlled input in the FirstRecord parameter of /inventory/categories_view.php. This could allow storing JavaScript payloads that execute when the page loads. Documented in CVE-2023-6431 and c...
CVE-2023-6430 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/transactionsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user...
CVE-2023-6430
CVE-2023-6430 concerns BigProf Online Invoicing System 2.6. The vulnerability is a persistent XSS flaw caused by insufficient encoding of user-controlled input in the FirstRecord parameter of /inventory/transactions_view.php, enabling an attacker to store JavaScript payloads that execute when the...
CVE-2023-6429 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/clientsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user ...
CVE-2023-6429
BigProf Online Invoicing System 2.6 has a persistent XSS in the FirstRecord parameter of /invoicing/app/clients_view.php due to insufficient encoding of user-controlled input. Multiple connected sources (NVD/NVD mirror, CVE records, and third-party references) describe the vulnerability as a cros...
CVE-2023-6428 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...