3 matches found
CVE-2023-6432
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to sto...
CVE-2023-6432 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to sto...
CVE-2023-6432
CVE-2023-6432 affects BigProf Online Invoicing System version 2.6. The vulnerability is a persistent cross-site scripting (XSS) flaw in the FirstRecord parameter of the "/inventory/items_view.php" endpoint, caused by insufficient encoding of user-controlled input. An attacker could store JavaScri...