Skip to main content

Online Invoicing System CVE-2021-27839

MEDIUM
Improper Neutralization of Formula Elements in a CSV File (CWE-1236)
2021-03-03 cve@mitre.org
4.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.4 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 03, 2021 - 19:15 nvd
MEDIUM 4.4

DescriptionNVD

A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to.

AnalysisAI

A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-1236. A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to. Affected products include: Bigprof Online Invoicing System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-35676 MEDIUM POC
6.1 Dec 24

BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the se

CVE-2020-6583 MEDIUM POC
6.1 Jan 08

BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be leveraged for session hijacking. Rated medium seve

CVE-2021-21260 MEDIUM POC
5.4 Jan 22

Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants

CVE-2023-6435 MEDIUM
5.4 Nov 30

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-cont

CVE-2023-6434 MEDIUM
5.4 Nov 30

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-cont

CVE-2023-6433 MEDIUM
5.4 Nov 30

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-cont

CVE-2023-6432 MEDIUM
5.4 Nov 30

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-cont

CVE-2023-6431 MEDIUM
5.4 Nov 30

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-cont

CVE-2023-6430 MEDIUM
5.4 Nov 30

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-cont

CVE-2023-6429 MEDIUM
5.4 Nov 30

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-cont

CVE-2023-6428 MEDIUM
5.4 Nov 30

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-cont

CVE-2023-6427 MEDIUM
5.4 Nov 30

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-cont

Share

CVE-2021-27839 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy