Vulnerabilities (CVE)

Filtered by vendor Nchsoftware Subscribe
Filtered by product Express Accounts Accounting
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-16330 1 Nchsoftware 1 Express Accounts Accounting 2024-02-28 3.5 LOW 5.4 MEDIUM
In NCH Express Accounts Accounting v7.02, persistent cross site scripting (XSS) exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript.