Vulnerabilities > Nchsoftware > Express Invoice > 7.25
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-07 | CVE-2020-11560 | Insufficiently Protected Credentials vulnerability in Nchsoftware Express Invoice 7.25 NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file. | 7.8 |
| 2020-04-07 | CVE-2020-11561 | Improper Privilege Management vulnerability in Nchsoftware Express Invoice 7.25 In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen. | 6.5 |