Medium severity6.1NVD Advisory· Published Jan 8, 2020· Updated Jun 17, 2026
CVE-2020-6583
CVE-2020-6583
Description
BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account via the Name field in an Add New Client action.
Affected products
2- BigProf/Online Invoicing Systemdescription
- Range: <=2.6
Patches
Vulnerability mechanics
References
1- www.sevenlayers.com/index.php/282-online-invoicing-system-2-6-xss-session-hijacknvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.