Express Invoice Security Vulnerabilities and Issues — Express Invoice CVE List

Lucene search

NchsoftwareExpress Invoice

4 matches found

CVE•added 2019/10/14 6:15 p.m.•68 views

CVE-2019-16282

In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript.

5.4CVSS5.3AI score0.00391EPSS

CVE•added 2020/12/28 10:15 p.m.•60 views

CVE-2020-13476

NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module.

4.8CVSS4.8AI score0.00235EPSS

CVE•added 2020/04/07 4:15 p.m.•32 views

CVE-2020-11561

In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen.

8.8CVSS8.3AI score0.00364EPSS

CVE•added 2020/04/07 5:15 p.m.•29 views

CVE-2020-11560

NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file.

7.8CVSS7.5AI score0.02474EPSS