CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-16282

In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.3%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://www.exploit-db.com/exploits/47496
https://www.exploit-db.com/exploits/47496

Products affected by CVE-2019-16282

Nchsoftware » Express Invoice » Version: 7.12

cpe:2.3:a:nchsoftware:express_invoice:7.12

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-16282

Products

Pricing

Contact Us