Nchsoftware: Security Vulnerabilities
In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen.
CVSS Score
8.8
EPSS Score
0.004
Published
2020-04-07
In NCH Express Accounts Accounting v7.02, persistent cross site scripting (XSS) exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript.
CVSS Score
5.4
EPSS Score
0.004
Published
2019-10-17
In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript.
CVSS Score
5.4
EPSS Score
0.004
Published
2019-10-14
Untrusted search path vulnerability in MEO Encryption Software 2.02 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .meo or .cry file. NOTE: some of these details are obtained from third party information.
CVSS Score
6.9
EPSS Score
0.0
Published
2012-09-06
Page 4