Lucene search
K

180 matches found

Prion
Prion
added 2023/11/30 2:15 p.m.16 views

Design/Logic Flaw

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoicesview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user...

4.9CVSS6.1AI score0.00388EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/11/30 2:15 p.m.14 views

Design/Logic Flaw

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to sto...

4.9CVSS6.1AI score0.00388EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/11/30 2:15 p.m.15 views

Design/Logic Flaw

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/suppliersview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...

4.9CVSS6.1AI score0.00388EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/11/30 2:15 p.m.21 views

Design/Logic Flaw

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/transactionsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user...

4.9CVSS6.1AI score0.00388EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/11/30 2:15 p.m.19 views

Design/Logic Flaw

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/sectionsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...

4.9CVSS6.1AI score0.00388EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/11/30 2:15 p.m.13 views

Design/Logic Flaw

A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/patientsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking use...

4.9CVSS6.2AI score0.00388EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/11/30 2:15 p.m.20 views

Design/Logic Flaw

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...

4.9CVSS6.1AI score0.00388EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/11/30 2:15 p.m.13 views

Design/Logic Flaw

A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/eventsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user ...

4.9CVSS6.2AI score0.00388EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/11/30 2:15 p.m.17 views

Design/Logic Flaw

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/clientsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user ...

4.9CVSS6.1AI score0.00388EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/11/30 2:15 p.m.15 views

Design/Logic Flaw

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/batchesview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...

4.9CVSS6.1AI score0.00388EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/11/30 2:15 p.m.14 views

Design/Logic Flaw

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/categoriesview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user t...

4.9CVSS6.1AI score0.00388EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/11/30 2:15 p.m.18 views

Design/Logic Flaw

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoicesview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user...

4.9CVSS6.1AI score0.00388EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/11/30 2:15 p.m.19 views

Design/Logic Flaw

A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medicalrecordsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacki...

4.9CVSS6.2AI score0.00391EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/11/30 2:15 p.m.20 views

Design/Logic Flaw

A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/diseasesymptomsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an...

4.9CVSS6.2AI score0.00388EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/30 1:56 p.m.28 views

CVE-2023-6435 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/batchesview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References1
OSV
OSV
added 2023/11/30 1:56 p.m.17 views

CVE-2023-6435 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/batchesview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...

6.3CVSS6AI score0.00388EPSS
Exploits0References3
CVE
CVE
added 2023/11/30 1:56 p.m.37 views

CVE-2023-6435

CVE-2023-6435 affects BigProf Online Invoicing System 2.6. The vulnerability is a persistent XSS in the FirstRecord parameter of the endpoint "/inventory/batches_view.php" due to insufficient input encoding. Exploitation could allow an attacker to store and trigger JavaScript payloads when the pa...

6.3CVSS5.4AI score0.00388EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/30 1:55 p.m.26 views

CVE-2023-6434 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/sectionsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References1
OSV
OSV
added 2023/11/30 1:55 p.m.18 views

CVE-2023-6434 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/sectionsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...

6.3CVSS6AI score0.00388EPSS
Exploits0References3
CVE
CVE
added 2023/11/30 1:55 p.m.37 views

CVE-2023-6434

BigProf Online Invoicing System (version 2.6) contains a persistent XSS vulnerability in the FirstRecord parameter of the /inventory/sections_view.php endpoint due to insufficient input encoding. The issue affects the inventory view API endpoint (FirstRecord parameter) and can allow storing malic...

6.3CVSS5.4AI score0.00388EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder