Bigprof Online Invoicing System — known CVE vulnerabilities
Every CVE whose affected-product data names Bigprof Online Invoicing System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2020-35674 — CVSS 9.8 (critical): BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the…
CVE-2020-35675 — CVSS 8.8 (high): BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members across…
CVE-2021-21260 — CVSS 7.6 (high): Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers…
CVE-2023-6435 — CVSS 6.3 (medium): A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input…
CVE-2023-6431 — CVSS 6.3 (medium): A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input…
CVE-2023-6432 — CVSS 6.3 (medium): A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input…
CVE-2023-6433 — CVSS 6.3 (medium): A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input…
CVE-2023-6434 — CVSS 6.3 (medium): A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input…
CVE-2023-6426 — CVSS 6.3 (medium): A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input…
CVE-2023-6427 — CVSS 6.3 (medium): A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input…
CVE-2023-6428 — CVSS 6.3 (medium): A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input…
CVE-2023-6429 — CVSS 6.3 (medium): A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input…
CVE-2023-6430 — CVSS 6.3 (medium): A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input…
CVE-2020-6583 — CVSS 6.1 (medium): BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be leveraged for session hijacking. An attacker can exploit the XSS…
CVE-2020-35676 — CVSS 6.1 (medium): BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration…
CVE-2020-35677 — CVSS 4.8 (medium): BigProf Online Invoicing System before 4.0 fails to adequately sanitize fields for HTML characters upon an administrator using…
CVE-2021-27839 — CVSS 4.4 (medium): A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions…