Lucene search
+L

138 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:29 a.m.8 views

CVE-2021-27839

A CSV injection vulnerability found in Online Invoicing System OIS 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to...

5.8CVSS7.1AI score0.00724EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-23337

Malware in sbrugna...

6.1CVSS6.3AI score0.00749EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-14578

Malware in sbrugna...

5.8CVSS5AI score0.00724EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-58665

Malicious code in bioql PyPI...

6.3CVSS5.8AI score0.00388EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-58664

Malicious code in bioql PyPI...

6.3CVSS5.8AI score0.00388EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-58670

Malicious code in bioql PyPI...

6.3CVSS5.8AI score0.00388EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-58669

Malicious code in bioql PyPI...

6.3CVSS5.8AI score0.00388EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-58668

Malicious code in bioql PyPI...

6.3CVSS5.8AI score0.00388EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-58667

Malicious code in bioql PyPI...

6.3CVSS5.8AI score0.00388EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-58666

Malicious code in bioql PyPI...

6.3CVSS5.8AI score0.00388EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-58663

Malicious code in bioql PyPI...

6.3CVSS5.8AI score0.00388EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-58672

Malicious code in bioql PyPI...

6.3CVSS5.8AI score0.00388EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-58671

Malicious code in bioql PyPI...

6.3CVSS5.8AI score0.00388EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:9 p.m.8 views

CVE-2021-21260

Online Invoicing System OIS is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which can enables an attacker takeover of the admin account through a payload that extracts a csrf...

7.6CVSS6.2AI score0.00596EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:10 p.m.11 views

CVE-2020-35675

BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members across groups. The applicable endpoint admin/pageTransferOwnership.php lacks CSRF protection, resulting in an attacker being able to escalate their privileges to...

8.8CVSS7.1AI score0.00455EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:46 p.m.10 views

CVE-2020-6583

BigProf Online Invoicing System OIS through 2.6 has XSS that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account via the Name field in an Add New Client action...

6.1CVSS6.1AI score0.00686EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:38 p.m.9 views

CVE-2020-35677

BigProf Online Invoicing System before 4.0 fails to adequately sanitize fields for HTML characters upon an administrator using admin/pageEditGroup.php to create a new group, resulting in Stored XSS. The caveat here is that an attacker would need administrative privileges in order to create the...

4.8CVSS6.6AI score0.0033EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:32 p.m.9 views

CVE-2020-35676

BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration functionality. As such, an attacker can input a crafted payload that will execute upon the application's administrator browsing the registered users' list. Once...

6.1CVSS6.4AI score0.00749EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:31 p.m.7 views

CVE-2020-35674

BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membershippasswordReset.php the endpoint that is responsible for issuing self-service password resets. An unauthenticated attacker is able to send a request containing a crafted payload that can...

9.8CVSS7.8AI score0.01113EPSS
Exploits0
NVD
NVD
added 2023/11/30 2:15 p.m.25 views

CVE-2023-6435

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/batchesview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...

6.3CVSS0.00388EPSS
Exploits0References1
Rows per page
Query Builder