Nchsoftware Express Invoice — known CVE vulnerabilities
Every CVE whose affected-product data names Nchsoftware Express Invoice, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2020-11561 — CVSS 8.8 (high): In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such…
CVE-2020-11560 — CVSS 7.8 (high): NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file.
CVE-2019-16282 — CVSS 5.4 (medium): In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An…