7614 matches found
CVE-2023-6433 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/suppliersview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...
CVE-2023-6432 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to sto...
CVE-2023-6432
CVE-2023-6432 affects BigProf Online Invoicing System version 2.6. The vulnerability is a persistent cross-site scripting (XSS) flaw in the FirstRecord parameter of the "/inventory/items_view.php" endpoint, caused by insufficient encoding of user-controlled input. An attacker could store JavaScri...
CVE-2023-6431 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/categoriesview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user t...
CVE-2023-6430 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/transactions_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user...
CVE-2023-6430
CVE-2023-6430 concerns BigProf Online Invoicing System 2.6. The vulnerability is a persistent XSS flaw caused by insufficient encoding of user-controlled input in the FirstRecord parameter of /inventory/transactions_view.php, enabling an attacker to store JavaScript payloads that execute when the...
CVE-2023-6429
BigProf Online Invoicing System 2.6 has a persistent XSS in the FirstRecord parameter of /invoicing/app/clients_view.php due to insufficient encoding of user-controlled input. Multiple connected sources (NVD/NVD mirror, CVE records, and third-party references) describe the vulnerability as a cros...
CVE-2023-6428 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...
CVE-2023-6428
CVE-2023-6428 affects BigProf Online Invoicing System 2.6. The vulnerability is persistent XSS via the FirstRecord parameter in the /invoicing/app/items_view.php endpoint caused by insufficient input encoding. If exploited, an attacker could store JavaScript payloads that execute when the page lo...
CVE-2023-6427
BigProf Online Invoicing System 2.6 contains a persistent XSS in the FirstRecord parameter of /invoicing/app/invoices_view.php due to insufficient input encoding. Multiple connected sources describe the vulnerability as allowing stored JavaScript payloads to execute when the affected page loads. ...
CVE-2023-6427 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoices_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user...
CVE-2023-6426
BigProf Online Invoicing System 2.6 is affected by a persistent XSS in the FirstRecord parameter of /invoicing/app/invoices_view.php due to insufficient encoding of user-controlled input. Attacker-controlled JavaScript could be stored and executed when the page loads. Public sources in the connec...
CVE-2023-6425
The CVE-2023-6425 issue affects BigProf Online Clinic Management System 2.2. It describes persistent XSS caused by insufficient encoding of user-controlled input in the FirstRecord parameter of the /clinic/medical_records_view.php endpoint. The vulnerability could allow an attacker to store JavaS...
CVE-2023-6425 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medical_records_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacki...
CVE-2023-6424 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/diseasesymptomsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an...
CVE-2023-6423
Summary: CVE-2023-6423 affects BigProf Online Clinic Management System 2.2, with a persistent XSS in the FirstRecord parameter of /clinic/events_view.php due to insufficient input encoding. This could allow an attacker to store JavaScript payloads that execute when the page loads. Affirmed detail...
CVE-2023-6422 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/patientsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking use...
Important: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.3.0 security update
OpenShift API for Data Protection OADP 1.3.0 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...