Online Invoicing System
CVE-2021-27839
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to.
AnalysisAI
A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-1236. A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to. Affected products include: Bigprof Online Invoicing System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Online Invoicing System
View allBigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the se
BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be leveraged for session hijacking. Rated medium seve
Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-cont
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-cont
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-cont
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-cont
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-cont
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-cont
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-cont
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-cont
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-cont
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today