CVE-2020-23647

Publication date

2023-04-28 00:00:00

Family

mitre

State

PUBLISHED

Description

Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form.