Skip to main content

Express Invoice

4 CVEs product

Monthly

CVE-2020-13476 MEDIUM POC This Month

NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Express Invoice
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-11560 HIGH POC This Week

NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Express Invoice
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-11561 HIGH POC This Week

In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Express Invoice
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2019-16282 MEDIUM POC This Month

In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Express Invoice
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.6%
EPSS 1% CVSS 4.8
MEDIUM POC This Month

NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Express Invoice
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Express Invoice
NVD Exploit-DB
EPSS 2% CVSS 8.8
HIGH POC This Week

In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Express Invoice
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Express Invoice
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy