VYPR

Vendor: bigprof
Products: 4
CVEs: 21
Across products: 27
Status: Private

Recent CVEs (21)
  • CVE-2020-35674 (Critical, Sep 29, 2022)
    risk 0.57, CVSS 9.8, EPSS 0.01

    BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password resets). An unauthenticated attacker is able to send a request containing a crafted…

  • CVE-2020-35675 (High, Sep 29, 2022)
    risk 0.50, CVSS 8.8, EPSS 0.00

    BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members across groups. The applicable endpoint (admin/pageTransferOwnership.php) lacks CSRF protection, resulting in an attacker being able to escalate their…

  • CVE-2019-25265 (Medium, Feb 3, 2026)
    risk 0.42, CVSS 6.4, EPSS 0.00

    Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing…

  • CVE-2023-6435 (Medium, Nov 30, 2023)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/batches_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an…

  • CVE-2023-6434 (Medium, Nov 30, 2023)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/sections_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an…

  • CVE-2023-6433 (Medium, Nov 30, 2023)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/suppliers_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow…

  • CVE-2023-6432 (Medium, Nov 30, 2023)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an…

  • CVE-2023-6431 (Medium, Nov 30, 2023)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/categories_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow…

  • CVE-2023-6430 (Medium, Nov 30, 2023)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/transactions_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could…

  • CVE-2023-6429 (Medium, Nov 30, 2023)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/clients_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow…

  • CVE-2023-6428 (Medium, Nov 30, 2023)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow…

  • CVE-2023-6427 (Medium, Nov 30, 2023)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoices_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could…

  • CVE-2023-6426 (Medium, Nov 30, 2023)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoices_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could…

  • CVE-2023-6425 (Medium, Nov 30, 2023)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medical_records_view.php, in the FirstRecord parameter. Exploitation of this vulnerability…

  • CVE-2023-6424 (Medium, Nov 30, 2023)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/disease_symptoms_view.php, in the FirstRecord parameter. Exploitation of this vulnerability…

  • CVE-2023-6423 (Medium, Nov 30, 2023)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/events_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow…

  • CVE-2023-6422 (Medium, Nov 30, 2023)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/patients_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could…

  • CVE-2020-6583 (Medium, Jan 8, 2020)
    risk 0.40, CVSS 6.1, EPSS 0.01

    BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account via the Name field in an Add…

  • CVE-2018-18587 (Medium, Oct 23, 2018)
    risk 0.34, CVSS 5.3, EPSS 0.01

    BigProf AppGini 5.70 stores the passwords in the database using the MD5 hash.

  • CVE-2020-35676 (Medium, Dec 24, 2020)
    risk 0.33, CVSS 6.1, EPSS 0.01

    BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration functionality. As such, an attacker can input a crafted payload that will execute upon the application's administrator browsing the registered…