2 matches found
CVE-2020-35676
BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration functionality. As such, an attacker can input a crafted payload that will execute upon the application's administrator browsing the registered users' list. Once...
CVE-2020-35676
CVE-2020-35676 affects BigProf Online Invoicing System prior to 3.1. The vulnerability is a cross‑site scripting flaw in the self‑registration flow that fails to sanitize input in the self-registration member form and in the admin view of members (app/membership_signup.php and app/admin/pageViewM...