2 matches found
CVE-2020-6583
BigProf Online Invoicing System OIS through 2.6 has XSS that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account via the Name field in an Add New Client action...
CVE-2020-6583
CVE-2020-6583 affects BigProf Online Invoicing System (OIS) up to version 2.6. The vulnerability is a cross-site scripting (XSS) flaw that enables an attacker to hijack an administrator session by retrieving the session cookie through the Name field in an Add New Client action. The exploitation p...