Vulnerabilities > Boxbilling
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-28 | CVE-2020-23647 | Cross-site Scripting vulnerability in Boxbilling Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form. | 6.1 |
| 2022-10-17 | CVE-2022-3552 | Unrestricted Upload of File with Dangerous Type vulnerability in Boxbilling Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1. | 7.2 |