VYPR

Online Inventory Manager

by bigprof

CVEs (7)

  • CVE-2019-25265MedFeb 3, 2026
    risk 0.42cvss 6.4epss 0.00

    Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing…

  • CVE-2023-6435MedNov 30, 2023
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/batches_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an…

  • CVE-2023-6434MedNov 30, 2023
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/sections_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an…

  • CVE-2023-6433MedNov 30, 2023
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/suppliers_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow…

  • CVE-2023-6432MedNov 30, 2023
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an…

  • CVE-2023-6431MedNov 30, 2023
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/categories_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow…

  • CVE-2023-6430MedNov 30, 2023
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/transactions_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could…