Medium severity 6.3 · NVD Advisory · Published Nov 30, 2023 · Updated Jun 17, 2026
CVE-2023-6430
Description
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/transactions_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads.
Affected products
- Range: = 2.6
- Range: 3.2
References
- www.incibe.es/en/incibe-cert/notices/aviso/multiple-xss-vulnerabilities-bigprof-products (NVD, Third Party Advisory)