MidnightBSD

Advisories for boxbilling

CVE-2020-23647

Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form.

Products Affected

Vendor      Product     Version
boxbilling  boxbilling  4.19
boxbilling  boxbilling  4.19.1
boxbilling  boxbilling  4.21
boxbilling  boxbilling  4.20

CVE-2022-3552

Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1.

CVSS 3.x

Source        Score  Severity  Vector                                        Exploitability  Impact
nvd@nist.gov  7.2    HIGH      CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H  1.2             5.9

Products Affected

Vendor      Product     Version
boxbilling  boxbilling  *