3 matches found
CVE-2023-6429 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/clientsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user ...
CVE-2023-6429 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/clientsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user ...
CVE-2023-6429
BigProf Online Invoicing System 2.6 has a persistent XSS in the FirstRecord parameter of /invoicing/app/clients_view.php due to insufficient encoding of user-controlled input. Multiple connected sources (NVD/NVD mirror, CVE records, and third-party references) describe the vulnerability as a cros...