Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form.

Products Affected

| Vendor | Product | Version |
|---|---|---|
| boxbilling | boxbilling | 4.19 |
| boxbilling | boxbilling | 4.19.1 |
| boxbilling | boxbilling | 4.21 |
| boxbilling | boxbilling | 4.20 |

Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1.

CVSS 3.x

| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |

Products Affected

| Vendor | Product | Version |
|---|---|---|
| boxbilling | boxbilling | * |