Lucene search
K

180 matches found

Cvelist
Cvelist
added 2023/11/30 1:55 p.m.24 views

CVE-2023-6433 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/suppliersview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References1
OSV
OSV
added 2023/11/30 1:55 p.m.21 views

CVE-2023-6433 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/suppliersview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...

6.3CVSS6AI score0.00388EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/11/30 1:55 p.m.10 views

CVE-2023-6433 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/suppliersview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References1
CVE
CVE
added 2023/11/30 1:55 p.m.30 views

CVE-2023-6433

CVE-2023-6433 : In BigProf Online Invoicing System 2.6, the FirstRecord parameter of /inventory/suppliers_view.php does not sufficiently encode user-controlled input, allowing persistent XSS. Exploitation could enable an attacker to store JavaScript payloads that execute on page load. Connected s...

6.3CVSS5.7AI score0.00388EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/30 1:55 p.m.4 views

CVE-2023-6432 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to sto...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References1
CVE
CVE
added 2023/11/30 1:55 p.m.40 views

CVE-2023-6432

CVE-2023-6432 affects BigProf Online Invoicing System version 2.6. The vulnerability is a persistent cross-site scripting (XSS) flaw in the FirstRecord parameter of the "/inventory/items_view.php" endpoint, caused by insufficient encoding of user-controlled input. An attacker could store JavaScri...

6.3CVSS5.4AI score0.00388EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/11/30 1:55 p.m.15 views

CVE-2023-6432 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to sto...

6.3CVSS6AI score0.00388EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/11/30 1:55 p.m.24 views

CVE-2023-6432 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to sto...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References1
OSV
OSV
added 2023/11/30 1:54 p.m.21 views

CVE-2023-6431 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/categoriesview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user t...

6.3CVSS6AI score0.00388EPSS
Exploits0References3
CVE
CVE
added 2023/11/30 1:54 p.m.38 views

CVE-2023-6431

BigProf Online Invoicing System 2.6 contains a persistent XSS flaw due to insufficient encoding of user-controlled input in the FirstRecord parameter of /inventory/categories_view.php. This could allow storing JavaScript payloads that execute when the page loads. Documented in CVE-2023-6431 and c...

6.3CVSS5.7AI score0.00388EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/30 1:54 p.m.22 views

CVE-2023-6431 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/categoriesview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user t...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/11/30 1:54 p.m.13 views

CVE-2023-6431 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/categoriesview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user t...

6.3CVSS6AI score0.00388EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/30 1:54 p.m.25 views

CVE-2023-6430 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/transactionsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References1
OSV
OSV
added 2023/11/30 1:54 p.m.10 views

CVE-2023-6430 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/transactionsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user...

6.3CVSS6AI score0.00388EPSS
Exploits0References3
CVE
CVE
added 2023/11/30 1:54 p.m.41 views

CVE-2023-6430

CVE-2023-6430 concerns BigProf Online Invoicing System 2.6. The vulnerability is a persistent XSS flaw caused by insufficient encoding of user-controlled input in the FirstRecord parameter of /inventory/transactions_view.php, enabling an attacker to store JavaScript payloads that execute when the...

6.3CVSS5.4AI score0.00388EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/30 1:54 p.m.29 views

CVE-2023-6429 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/clientsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user ...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References1
CVE
CVE
added 2023/11/30 1:54 p.m.36 views

CVE-2023-6429

BigProf Online Invoicing System 2.6 has a persistent XSS in the FirstRecord parameter of /invoicing/app/clients_view.php due to insufficient encoding of user-controlled input. Multiple connected sources (NVD/NVD mirror, CVE records, and third-party references) describe the vulnerability as a cros...

6.3CVSS5.4AI score0.00388EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/30 1:53 p.m.4 views

CVE-2023-6428 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/30 1:53 p.m.22 views

CVE-2023-6428 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References1
CVE
CVE
added 2023/11/30 1:53 p.m.36 views

CVE-2023-6428

CVE-2023-6428 affects BigProf Online Invoicing System 2.6. The vulnerability is persistent XSS via the FirstRecord parameter in the /invoicing/app/items_view.php endpoint caused by insufficient input encoding. If exploited, an attacker could store JavaScript payloads that execute when the page lo...

6.3CVSS5.4AI score0.00388EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder