CVSSv2 base score: 4.3

CVE-2012-4932

Published: 28/12/2012 Updated: 11/10/2013
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote malicious users to inject arbitrary web script or HTML via (1) the having parameter in a manage action to index.php; (2) the Email field in an Add User action; (3) the Customer Name field in an Add Customer action; the (4) Street address, (5) Street address 2, (6) City, (7) Zip code, (8) State, (9) Country, (10) Mobile Phone, (11) Phone, (12) Fax, (13) Email, (14) PayPal business name, (15) PayPal notify url, (16) PayPal return url, (17) Eway customer ID, (18) Custom field 1, (19) Custom field 2, (20) Custom field 3, or (21) Custom field 4 field in an Add Biller action; (22) the Customer field in an Add Invoice action; the (23) Invoice or (24) Notes field in a Process Payment action; (25) the Payment type description field in a Payment Types action; (26) the Description field in an Invoice Preferences action; (27) the Description field in a Manage Products action; or (28) the Description field in a Tax Rates action.

Vulnerable Product

Vendor / product: simple invoices / simple invoices

Listed versions: one entry without a version, 2007-05-25, 2007-01-25, 2006-12-11, 2007-02-02

Exploits

source: www.securityfocus.com/bid/56882/info. Simple Invoices is prone to multiple HTML-injection vulnerabilities and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in ...

Overview: SimpleInvoices 2011.1 is vulnerable to Cross-site Scripting (XSS). Software Description: Simple Invoices is a free, open source, web based invoicing system that you can install on your server/pc or have hosted by one of our service providers. Vulnerability Overview: The vulnerabilities POC are as follows: Reflective Cross-Site-Scripting (XSS) [htt ...