Vulnerabilities > Bigprof > Online Invoicing System > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-03 CVE-2021-27839 Improper Neutralization of Formula Elements in a CSV File vulnerability in Bigprof Online Invoicing System
A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to.
network
bigprof CWE-1236
5.8
2020-12-24 CVE-2020-35676 Cross-site Scripting vulnerability in Bigprof Online Invoicing System
BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration functionality.
network
bigprof CWE-79
4.3
2020-01-08 CVE-2020-6583 Cross-site Scripting vulnerability in Bigprof Online Invoicing System
BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be leveraged for session hijacking.
network
bigprof CWE-79
4.3