PT-2019-14611 · Nch · Nch Express Invoice
Publicado
2019-10-14
·
Atualizado
2019-10-16
·
CVE-2019-16282
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
NCH Express Invoice version 7.12
Description
The issue concerns a persistent cross-site scripting (XSS) flaw. This flaw can be exploited via the input fields for Invoices, Items, Customers, and Quotes. An authenticated, unprivileged user can modify these fields to inject arbitrary JavaScript code.
Recommendations
For NCH Express Invoice version 7.12, consider restricting access to the input fields for Invoices, Items, Customers, and Quotes to prevent arbitrary JavaScript injection until a patch is available.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Nch Express Invoice