CVE-2023-6426
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2023-6426 is a newly discovered cross-site scripting (XSS) vulnerability affecting BigProf Online Invoicing System version 2.6. The issue stems from insufficient encoding of user-supplied input: user-controlled data passed in the FirstRecord parameter of the /invoicing/app/invoices_view.php file is reflected into the page without being neutralized. An attacker can exploit this by injecting malicious JavaScript code, which is executed when the page loads, potentially leading to unauthorized access, data theft, or other harmful actions. Users are strongly urged to update their systems to a secure version as soon as possible to mitigate this risk.
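The pattern behind this class of bug, as an added illustration that is not code from the BigProf product: a PHP page that echoes a request parameter into HTML unencoded, next to a hardened version that treats the parameter as the integer it is expected to be and encodes it on output. The parameter name FirstRecord comes from the advisory; the file layout, variable names and the assumption that FirstRecord is a numeric record offset are hypothetical.

```php
<?php
// Hypothetical vulnerable pattern: the raw query-string value lands in the markup,
// so any HTML or script in FirstRecord is interpreted by the browser.
function render_offset_vulnerable(array $query): string
{
    $first = $query['FirstRecord'] ?? '0';
    return "<input type=\"hidden\" name=\"FirstRecord\" value=\"$first\">";
}

// Hardened version: validate the value as a non-negative integer (reject anything
// else) and still HTML-encode on output as a second layer of defence.
function render_offset_hardened(array $query): string
{
    $raw = $query['FirstRecord'] ?? '0';
    if (!ctype_digit((string) $raw)) {
        // Unexpected shape: fall back to the first page instead of echoing input back.
        $raw = '0';
    }
    $first = (int) $raw;
    $safe  = htmlspecialchars((string) $first, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<input type=\"hidden\" name=\"FirstRecord\" value=\"$safe\">";
}

// Constructed sample input containing markup, as a reviewer's test value.
$sample = ['FirstRecord' => '1"><b>not a number</b>'];
echo render_offset_vulnerable($sample), PHP_EOL;  // markup reaches the page verbatim
echo render_offset_hardened($sample), PHP_EOL;    // value="0"
```

A defender reviewing a patch for this CVE would look for both changes: type validation of the parameter where it is read, and consistent output encoding where it is written into the page.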