3 matches found
CVE-2023-6427
creationtimestamp| type| source ---|---|--- 2023-12-21 08:37:44+00:00| seen| https://t.me/ctinow/157529...
CVE-2023-6427
BigProf Online Invoicing System 2.6 contains a persistent XSS in the FirstRecord parameter of /invoicing/app/invoices_view.php due to insufficient input encoding. Multiple connected sources describe the vulnerability as allowing stored JavaScript payloads to execute when the affected page loads. ...
CVE-2023-6427 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoicesview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user...