Vulnerabilities > Nchsoftware > Express Invoice > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-12-28 CVE-2020-13476 Cross-site Scripting vulnerability in Nchsoftware Express Invoice 8.06/8.24
NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module.
network
low complexity
nchsoftware CWE-79
4.8
4.8
2019-10-14 CVE-2019-16282 Cross-site Scripting vulnerability in Nchsoftware Express Invoice 7.12
In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field.
network
low complexity
nchsoftware CWE-79
5.4
5.4