4 matches found
CVE-2023-6428 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...
CVE-2023-6428 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...
CVE-2023-6428 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...
CVE-2023-6428
CVE-2023-6428 affects BigProf Online Invoicing System 2.6. The vulnerability is persistent XSS via the FirstRecord parameter in the /invoicing/app/items_view.php endpoint caused by insufficient input encoding. If exploited, an attacker could store JavaScript payloads that execute when the page lo...