36 matches found
Code injection
In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen...
CVE-2020-11561
NCH Express Invoice 7.25 is affected by CVE-2020-11561. The vulnerability allows an authenticated, low-privilege user to craft a URL that gains access to higher-privileged functionalities, such as the Add New Item screen. Multiple connected sources (NVD, Red Hat, CNVD, CNVD-derived listings) corr...
CVE-2020-11561
In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen...
PT-2020-12693 · Nch · Express Invoice
Name of the Vulnerable Software and Affected Versions: NCH Express Invoice version 7.25 Description: The issue allows local users to discover the cleartext password by reading the configuration file. Recommendations: For version 7.25, consider restricting access to the configuration file to...
CVE-2020-11560
CVE-2020-11560 affects NCH Express Invoice 7.25. Local users can read the application’s configuration file to obtain cleartext passwords, enabling potential account takeover. Root cause: credentials stored in plaintext in the configuration/files under the Express Invoice data path. Exploitation d...
CVE-2020-11560
NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file...
NCH Software Express Invoice Cross-Site Scripting Vulnerability
NCH Software Express Invoice is an inventory system from NCH Software Australia. The system is mainly used for invoice management, etc. A cross-site scripting vulnerability exists in NCH Software Express Invoice version 7.12, which stems from the lack of proper validation of client-side data in t...
CVE-2019-16282
In NCH Express Invoice v7.12, persistent cross site scripting XSS exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript...
CVE-2019-16282
In NCH Express Invoice v7.12, persistent cross site scripting XSS exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript...
Cross site scripting
In NCH Express Invoice v7.12, persistent cross site scripting XSS exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript...
CVE-2019-16282
In NCH Express Invoice v7.12, persistent cross site scripting XSS exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript...
CVE-2019-16282
CVE-2019-16282 affects NCH Express Invoice v7.12. The vulnerability is a persistent cross-site scripting (XSS) flaw exploitable via the Invoices/Items/Customers/Quotes input fields. An authenticated unprivileged user can modify parameters in these fields to inject arbitrary JavaScript. The issue ...
Express Invoice 7.12 Cross Site Scripting
Exploit Title: Express Invoice 7.12 - 'Customer' Persistent Cross-Site Scripting Exploit Author: Debashis Pal Date: 2019-10-13 Vendor Homepage: https://www.nchsoftware.com/ Source: https://www.nchsoftware.com/invoice/index.html Version: Express Invoice v7.12 CVE : N/A Tested on: Windows 7 SP132bi...
Express Invoice 7.12 - 'Customer' Persistent Cross-Site Scripting
Exploit Title: Express Invoice 7.12 - 'Customer' Persistent Cross-Site Scripting Exploit Author: Debashis Pal Date: 2019-10-13 Vendor Homepage: https://www.nchsoftware.com/ Source: https://www.nchsoftware.com/invoice/index.html Version: Express Invoice v7.12 CVE : N/A Tested on: Windows 7 SP132bi...
Express Invoice 7.12 - Customer Persistent Cross-Site Scripting
Express Invoice 7.12 - Customer Persistent Cross-Site Scripting Exploit Title: Express Invoice 7.12 - 'Customer' Persistent Cross-Site Scripting Exploit Author: Debashis Pal Date: 2019-10-13 Vendor Homepage: https://www.nchsoftware.com/ Source: https://www.nchsoftware.com/invoice/index.html...
Express Invoice 7.12 - (Customer) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Express Invoice 7.12 - 'Customer' Persistent Cross-Site Scripting Exploit Author: Debashis Pal Vendor Homepage: https://www.nchsoftware.com/ Source: https://www.nchsoftware.com/invoice/index.html Version: Express Invoice v7.12 C...