Online Invoicing System Security Vulnerabilities and Issues — Online Invoicing System CVE List

Lucene search

BigprofOnline Invoicing System

3 matches found

CVE•added 2020/12/24 4:15 a.m.•69 views

CVE-2020-35677

BigProf Online Invoicing System before 4.0 fails to adequately sanitize fields for HTML characters upon an administrator using admin/pageEditGroup.php to create a new group, resulting in Stored XSS. The caveat here is that an attacker would need administrative privileges in order to create the payl...

4.8CVSS5AI score0.0011EPSS

CVE•added 2020/12/24 4:15 a.m.•58 views

CVE-2020-35676

BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration functionality. As such, an attacker can input a crafted payload that will execute upon the application's administrator browsing the registered users' list. Once th...

6.1CVSS6.1AI score0.0024EPSS

CVE•added 2020/01/08 8:15 p.m.•52 views

CVE-2020-6583

BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account via the Name field in an Add New Client action.

6.1CVSS6AI score0.00328EPSS