VYPR

Express Invoice

by NCH Software

CVEs (4)

  • CVE-2020-11561HigApr 7, 2020
    risk 0.57cvss 8.8epss 0.02

    In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen.

  • CVE-2020-11560HigApr 7, 2020
    risk 0.54cvss 7.8epss 0.01

    NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file.

  • CVE-2019-16282MedOct 14, 2019
    risk 0.35cvss 5.4epss 0.01

    In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript.

  • CVE-2020-13476MedDec 28, 2020
    risk 0.31cvss 4.8epss 0.01

    NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module.