High severity (7.6). NVD Advisory. Published Jan 22, 2021. Updated Jun 17, 2026.
CVE-2021-21260
Description
Online Invoicing System (OIS) is open source software: a lean invoicing system for small businesses, consultants and freelancers, built with AppGini. OIS version 4.0 contains a stored XSS that can enable an attacker to take over the admin account, using a payload that extracts a CSRF token and then sends a password-change request. The item description is reflected without sanitization in app/items_view.php, which is what enables this scenario.
Affected products
- bigprof-software/online-invoicing-system, range: < 4.0
- bigprof-software/online-invoicing-system, range: = 4.0
References
- github.com/bigprof-software/online-invoicing-system/security/advisories/GHSA-rm79-5596-r7q4 (Exploit, Third Party Advisory)
- github.com/bigprof-software/online-invoicing-system/releases/tag/4.2 (Third Party Advisory)