3 matches found
CVE-2023-6434
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/sectionsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...
CVE-2023-6434 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/sectionsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...
CVE-2023-6434
BigProf Online Invoicing System (version 2.6) contains a persistent XSS vulnerability in the FirstRecord parameter of the /inventory/sections_view.php endpoint due to insufficient input encoding. The issue affects the inventory view API endpoint (FirstRecord parameter) and can allow storing malic...