CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Nchsoftware: >> Express Accounts Accounting Security Vulnerabilities

CVE-2019-16330

In NCH Express Accounts Accounting v7.02, persistent cross site scripting (XSS) exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript.

CVSS Score

5.4

EPSS Score

0.004

Published

2019-10-17

Page 1

Vulnerabilities

Vulnerable Software

Nchsoftware: >> Express Accounts Accounting Security Vulnerabilities

Products

Pricing

Contact Us