2 matches found
CVE-2023-6430 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/transactionsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user...
CVE-2023-6430
CVE-2023-6430 concerns BigProf Online Invoicing System 2.6. The vulnerability is a persistent XSS flaw caused by insufficient encoding of user-controlled input in the FirstRecord parameter of /inventory/transactions_view.php, enabling an attacker to store JavaScript payloads that execute when the...