Lucene search
K

4 matches found

OSV
OSV
added 2023/11/30 1:53 p.m.16 views

CVE-2023-6428 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...

6.3CVSS6AI score0.00388EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/11/30 1:53 p.m.4 views

CVE-2023-6428 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/30 1:53 p.m.21 views

CVE-2023-6428 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References1
CVE
CVE
added 2023/11/30 1:53 p.m.36 views

CVE-2023-6428

CVE-2023-6428 affects BigProf Online Invoicing System 2.6. The vulnerability is persistent XSS via the FirstRecord parameter in the /invoicing/app/items_view.php endpoint caused by insufficient input encoding. If exploited, an attacker could store JavaScript payloads that execute when the page lo...

6.3CVSS5.4AI score0.00388EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder