Lucene search
K

180 matches found

Cvelist
Cvelist
added 2023/11/30 1:53 p.m.21 views

CVE-2023-6428 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References1
CVE
CVE
added 2023/11/30 1:53 p.m.35 views

CVE-2023-6428

CVE-2023-6428 affects BigProf Online Invoicing System 2.6. The vulnerability is persistent XSS via the FirstRecord parameter in the /invoicing/app/items_view.php endpoint caused by insufficient input encoding. If exploited, an attacker could store JavaScript payloads that execute when the page lo...

6.3CVSS5.4AI score0.00388EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/30 1:52 p.m.27 views

CVE-2023-6427 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoicesview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References1
CVE
CVE
added 2023/11/30 1:52 p.m.32 views

CVE-2023-6427

BigProf Online Invoicing System 2.6 contains a persistent XSS in the FirstRecord parameter of /invoicing/app/invoices_view.php due to insufficient input encoding. Multiple connected sources describe the vulnerability as allowing stored JavaScript payloads to execute when the affected page loads. ...

6.3CVSS5.4AI score0.00388EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/30 1:50 p.m.19 views

CVE-2023-6426 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoicesview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References1
CVE
CVE
added 2023/11/30 1:50 p.m.35 views

CVE-2023-6426

BigProf Online Invoicing System 2.6 is affected by a persistent XSS in the FirstRecord parameter of /invoicing/app/invoices_view.php due to insufficient encoding of user-controlled input. Attacker-controlled JavaScript could be stored and executed when the page loads. Public sources in the connec...

6.3CVSS5.4AI score0.00388EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/11/30 1:49 p.m.45 views

CVE-2023-6425

The CVE-2023-6425 issue affects BigProf Online Clinic Management System 2.2. It describes persistent XSS caused by insufficient encoding of user-controlled input in the FirstRecord parameter of the /clinic/medical_records_view.php endpoint. The vulnerability could allow an attacker to store JavaS...

6.3CVSS5.4AI score0.00391EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/11/30 1:49 p.m.22 views

CVE-2023-6425 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medicalrecordsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacki...

6.3CVSS6.2AI score0.00391EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/30 1:49 p.m.24 views

CVE-2023-6424 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/diseasesymptomsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an...

6.3CVSS6.2AI score0.00388EPSS
Exploits0References1
CVE
CVE
added 2023/11/30 1:49 p.m.36 views

CVE-2023-6424

BigProf Online Clinic Management System v2.2 contains a persistent XSS in the FirstRecord parameter of /clinic/disease_symptoms_view.php due to insufficient input encoding. Exploitation could allow storing JavaScript payloads that execute when the affected page loads. Connected sources (NVD/CVE e...

6.3CVSS5.4AI score0.00388EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/30 1:49 p.m.24 views

CVE-2023-6423 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/eventsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user ...

6.3CVSS6.2AI score0.00388EPSS
Exploits0References1
CVE
CVE
added 2023/11/30 1:49 p.m.36 views

CVE-2023-6423

Summary: CVE-2023-6423 affects BigProf Online Clinic Management System 2.2, with a persistent XSS in the FirstRecord parameter of /clinic/events_view.php due to insufficient input encoding. This could allow an attacker to store JavaScript payloads that execute when the page loads. Affirmed detail...

6.3CVSS5.4AI score0.00388EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/30 1:48 p.m.29 views

CVE-2023-6422 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/patientsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking use...

6.3CVSS6.2AI score0.00388EPSS
Exploits0References1
CVE
CVE
added 2023/11/30 1:48 p.m.31 views

CVE-2023-6422

Summary: CVE-2023-6422 affects BigProf Online Clinic Management System 2.2. The vulnerability is a persistent XSS in the FirstRecord parameter of the endpoint /clinic/patients_view.php due to insufficient encoding of user-supplied input. This can allow an attacker to store JavaScript payloads on ...

6.3CVSS5.4AI score0.00388EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/30 12:0 a.m.4 views

PT-2023-32653 · Unknown · Bigprof Online Clinic Management System

Name of the Vulnerable Software and Affected Versions: BigProf Online Clinic Management System version 2.2 Description: A vulnerability has been discovered in the system, which does not sufficiently encode user-controlled input, resulting in persistent XSS through the /clinic/events view.php...

6.3CVSS5.3AI score0.00388EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/11/30 12:0 a.m.5 views

PT-2023-32658 · Unknown · Bigprof Online Invoicing System

Name of the Vulnerable Software and Affected Versions: BigProf Online Invoicing System version 2.6 Description: A vulnerability has been discovered in the BigProf Online Invoicing System, which does not sufficiently encode user-controlled input, resulting in persistent XSS through the...

6.3CVSS5.2AI score0.00388EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/11/30 12:0 a.m.8 views

PT-2023-32654 · Unknown · Bigprof Online Clinic Management System

Name of the Vulnerable Software and Affected Versions: BigProf Online Clinic Management System version 2.2 Description: A vulnerability has been discovered in the system, which does not sufficiently encode user-controlled input, resulting in persistent XSS through the "/clinic/disease symptoms...

6.3CVSS5.3AI score0.00388EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/11/30 12:0 a.m.4 views

BigProf Online Invoicing System Security Vulnerability

BigProf Online Invoicing System OIS is an online invoicing system. A security vulnerability exists in BigProf Online Invoicing System version 2.6, which originates from a cross-site scripting vulnerability in the FirstRecord parameter of /invoicing/app/invoicesview.php...

6.3CVSS6.2AI score0.00388EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/30 12:0 a.m.4 views

BigProf Online Invoicing System Cross-Site Scripting Vulnerability

BigProf Online Invoicing System OIS is an online invoicing system. A cross-site scripting vulnerability exists in BigProf Online Invoicing System version 3.2, which stems from a cross-site scripting vulnerability in the FirstRecord parameter of /inventory/categoriesview.php...

6.3CVSS6.2AI score0.00388EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/30 12:0 a.m.3 views

BigProf Online Clinic Management System Cross-Site Scripting Vulnerability

BigProf Online Clinic Management System is an online clinic management system from BigProf, Inc. A cross-site scripting vulnerability exists in BigProf Online Clinic Management System version 2.2, which stems from a cross-site scripting vulnerability in the FirstRecord parameter of...

6.3CVSS6.2AI score0.00388EPSS
Exploits0References1
Rows per page
Query Builder