PT-2021-17635 · Unknown · Online Invoicing System

Jinson Varghese Behanan · Published 2021-03-03 · Updated 2021-03-10 · CVE-2021-27839

CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Online Invoicing System (OIS) versions 4.3 and below
Description: A CSV injection issue allows users to perform malicious actions, such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to.
Recommendations: For versions 4.3 and below, update to a version above 4.3 to resolve the issue. As a temporary workaround, consider restricting access to sensitive client details and implementing additional security measures to prevent redirection to harmful websites.
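
An export-side control for this class of issue, added here as an example; it is not the vendor's fix and not code from this advisory. It assumes the application writes stored client fields into CSV exports that are opened in a spreadsheet; `neutralize_cell`, `export_csv` and the sample rows are hypothetical and constructed for illustration.

```python
import csv
import io
from decimal import Decimal

# Leading characters that make spreadsheet applications evaluate a cell
# as a formula (the set listed in OWASP's CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return the cell as text that a spreadsheet will not evaluate."""
    # Values that are numeric in the application (not user-supplied text)
    # are written unchanged so negative amounts stay usable as numbers.
    if isinstance(value, (int, float, Decimal)):
        return str(value)
    text = "" if value is None else str(value)
    # Check past leading spaces so padding cannot hide a trigger character.
    if text.lstrip(" ").startswith(FORMULA_TRIGGERS):
        return "'" + text  # a leading apostrophe forces text interpretation
    return text


def export_csv(rows, header):
    """Serialize rows to CSV with every field neutralized and quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\r\n")
    writer.writerow([neutralize_cell(h) for h in header])
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample data: one ordinary client, two with formula-like fields.
CLIENT_ROWS = [
    ("Acme Ltd", "billing@acme.example", -120.50),
    ("=1+1", "+4412345", 10),
    ("  @SUM(A1:A9)", "-120.50", 0),
]

if __name__ == "__main__":
    print(export_csv(CLIENT_ROWS, ("name", "contact", "balance")))
```

Neutralizing at export time covers records stored before any input validation was added; string fields that legitimately start with `-` or `+` (phone numbers, for instance) will show the leading apostrophe in some spreadsheet applications.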

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2021-27839

Affected Products

Online Invoicing System