Nchsoftware Express Invoice vulnerabilities
4 known vulnerabilities affecting nchsoftware/express_invoice.
Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 2
Vulnerabilities
CVE-2020-11560 | P3 | HIGH | CVSS 7.8 | CWE-522 | PoC | v7.25 | 2020-04-07
NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file.
nvd
CVE-2020-11561 | P3 | HIGH | CVSS 8.8 | CWE-425 | v7.25 | 2020-04-07
In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen.
nvd
CVE-2019-16282 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v7.12 | 2019-10-14
In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript.
nvd
CVE-2020-13476 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ 8.06, ≤ 8.24 | 2020-12-28
NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module.
nvd