Security Advisory

CVE-2020-6583

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-01-08 19:06:46

Last updated 2024-08-04 09:11:04

Assigner mitre

State PUBLISHED

Description

BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account via the Name field in an Add New Client action.

← Browse all CVEs View on cve.org ↗