Vulnerabilities > Bigprof

DATE CVE VULNERABILITY TITLE RISK
2023-11-30 CVE-2023-6432 Unspecified vulnerability in Bigprof Online Invoicing System 2.6
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/items_view.php, in the FirstRecord parameter.
network
low complexity
bigprof
5.4
2023-11-30 CVE-2023-6433 Unspecified vulnerability in Bigprof Online Invoicing System 2.6
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/suppliers_view.php, in the FirstRecord parameter.
network
low complexity
bigprof
5.4
2023-11-30 CVE-2023-6434 Unspecified vulnerability in Bigprof Online Invoicing System 2.6
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/sections_view.php, in the FirstRecord parameter.
network
low complexity
bigprof
5.4
2023-11-30 CVE-2023-6435 Unspecified vulnerability in Bigprof Online Invoicing System 2.6
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/batches_view.php, in the FirstRecord parameter.
network
low complexity
bigprof
5.4
2022-09-29 CVE-2020-35674 SQL Injection vulnerability in Bigprof Online Invoicing System
BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password resets).
network
low complexity
bigprof CWE-89
critical
9.8
2022-09-29 CVE-2020-35675 Cross-Site Request Forgery (CSRF) vulnerability in Bigprof Online Invoicing System
BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members across groups.
network
low complexity
bigprof CWE-352
8.8
2021-03-03 CVE-2021-27839 Improper Neutralization of Formula Elements in a CSV File vulnerability in Bigprof Online Invoicing System
A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to.
local
low complexity
bigprof CWE-1236
4.4
2021-01-22 CVE-2021-21260 Unspecified vulnerability in Bigprof Online Invoicing System 4.0
Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini.
network
low complexity
bigprof
5.4
2020-12-24 CVE-2020-35677 Cross-site Scripting vulnerability in Bigprof Online Invoicing System
BigProf Online Invoicing System before 4.0 fails to adequately sanitize fields for HTML characters upon an administrator using admin/pageEditGroup.php to create a new group, resulting in Stored XSS.
network
low complexity
bigprof CWE-79
4.8
2020-12-24 CVE-2020-35676 Cross-site Scripting vulnerability in Bigprof Online Invoicing System
BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration functionality.
network
low complexity
bigprof CWE-79
6.1