Vulnerabilities > Bigprof
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-30 | CVE-2023-6432 | Cross-site Scripting vulnerability in Bigprof Online Invoicing System 2.6 A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/items_view.php, in the FirstRecord parameter. | 5.4 |
| 2023-11-30 | CVE-2023-6433 | Cross-site Scripting vulnerability in Bigprof Online Invoicing System 2.6 A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/suppliers_view.php, in the FirstRecord parameter. | 5.4 |
| 2023-11-30 | CVE-2023-6434 | Cross-site Scripting vulnerability in Bigprof Online Invoicing System 2.6 A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/sections_view.php, in the FirstRecord parameter. | 5.4 |
| 2023-11-30 | CVE-2023-6435 | Cross-site Scripting vulnerability in Bigprof Online Invoicing System 2.6 A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/batches_view.php, in the FirstRecord parameter. | 5.4 |
| 2022-09-29 | CVE-2020-35674 | SQL Injection vulnerability in Bigprof Online Invoicing System BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password resets). | 9.8 |
| 2022-09-29 | CVE-2020-35675 | Cross-Site Request Forgery (CSRF) vulnerability in Bigprof Online Invoicing System BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members across groups. | 8.8 |
| 2021-03-03 | CVE-2021-27839 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Bigprof Online Invoicing System A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to. | 4.4 |
| 2021-01-22 | CVE-2021-21260 | Cross-site Scripting vulnerability in Bigprof Online Invoicing System 4.0 Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. | 5.4 |
| 2020-12-24 | CVE-2020-35677 | Cross-site Scripting vulnerability in Bigprof Online Invoicing System BigProf Online Invoicing System before 4.0 fails to adequately sanitize fields for HTML characters upon an administrator using admin/pageEditGroup.php to create a new group, resulting in Stored XSS. | 4.8 |
| 2020-12-24 | CVE-2020-35676 | Cross-site Scripting vulnerability in Bigprof Online Invoicing System BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration functionality. | 6.1 |