180 matches found
CVE-2023-6428 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...
CVE-2023-6428
CVE-2023-6428 affects BigProf Online Invoicing System 2.6. The vulnerability is persistent XSS via the FirstRecord parameter in the /invoicing/app/items_view.php endpoint caused by insufficient input encoding. If exploited, an attacker could store JavaScript payloads that execute when the page lo...
CVE-2023-6427 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoicesview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user...
CVE-2023-6427
BigProf Online Invoicing System 2.6 contains a persistent XSS in the FirstRecord parameter of /invoicing/app/invoices_view.php due to insufficient input encoding. Multiple connected sources describe the vulnerability as allowing stored JavaScript payloads to execute when the affected page loads. ...
CVE-2023-6426 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoicesview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user...
CVE-2023-6426
BigProf Online Invoicing System 2.6 is affected by a persistent XSS in the FirstRecord parameter of /invoicing/app/invoices_view.php due to insufficient encoding of user-controlled input. Attacker-controlled JavaScript could be stored and executed when the page loads. Public sources in the connec...
CVE-2023-6425
The CVE-2023-6425 issue affects BigProf Online Clinic Management System 2.2. It describes persistent XSS caused by insufficient encoding of user-controlled input in the FirstRecord parameter of the /clinic/medical_records_view.php endpoint. The vulnerability could allow an attacker to store JavaS...
CVE-2023-6425 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medicalrecordsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacki...
CVE-2023-6424 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/diseasesymptomsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an...
CVE-2023-6424
BigProf Online Clinic Management System v2.2 contains a persistent XSS in the FirstRecord parameter of /clinic/disease_symptoms_view.php due to insufficient input encoding. Exploitation could allow storing JavaScript payloads that execute when the affected page loads. Connected sources (NVD/CVE e...
CVE-2023-6423 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/eventsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user ...
CVE-2023-6423
Summary: CVE-2023-6423 affects BigProf Online Clinic Management System 2.2, with a persistent XSS in the FirstRecord parameter of /clinic/events_view.php due to insufficient input encoding. This could allow an attacker to store JavaScript payloads that execute when the page loads. Affirmed detail...
CVE-2023-6422 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/patientsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking use...
CVE-2023-6422
Summary: CVE-2023-6422 affects BigProf Online Clinic Management System 2.2. The vulnerability is a persistent XSS in the FirstRecord parameter of the endpoint /clinic/patients_view.php due to insufficient encoding of user-supplied input. This can allow an attacker to store JavaScript payloads on ...
PT-2023-32653 · Unknown · Bigprof Online Clinic Management System
Name of the Vulnerable Software and Affected Versions: BigProf Online Clinic Management System version 2.2 Description: A vulnerability has been discovered in the system, which does not sufficiently encode user-controlled input, resulting in persistent XSS through the /clinic/events view.php...
PT-2023-32658 · Unknown · Bigprof Online Invoicing System
Name of the Vulnerable Software and Affected Versions: BigProf Online Invoicing System version 2.6 Description: A vulnerability has been discovered in the BigProf Online Invoicing System, which does not sufficiently encode user-controlled input, resulting in persistent XSS through the...
PT-2023-32654 · Unknown · Bigprof Online Clinic Management System
Name of the Vulnerable Software and Affected Versions: BigProf Online Clinic Management System version 2.2 Description: A vulnerability has been discovered in the system, which does not sufficiently encode user-controlled input, resulting in persistent XSS through the "/clinic/disease symptoms...
BigProf Online Invoicing System Security Vulnerability
BigProf Online Invoicing System OIS is an online invoicing system. A security vulnerability exists in BigProf Online Invoicing System version 2.6, which originates from a cross-site scripting vulnerability in the FirstRecord parameter of /invoicing/app/invoicesview.php...
BigProf Online Invoicing System Cross-Site Scripting Vulnerability
BigProf Online Invoicing System OIS is an online invoicing system. A cross-site scripting vulnerability exists in BigProf Online Invoicing System version 3.2, which stems from a cross-site scripting vulnerability in the FirstRecord parameter of /inventory/categoriesview.php...
BigProf Online Clinic Management System Cross-Site Scripting Vulnerability
BigProf Online Clinic Management System is an online clinic management system from BigProf, Inc. A cross-site scripting vulnerability exists in BigProf Online Clinic Management System version 2.2, which stems from a cross-site scripting vulnerability in the FirstRecord parameter of...