Express Invoice

express_invoice

Vendor: Nchsoftware • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-13476 1Nchsoftware 1Express Invoice Jun 17, 2026 Dec 28, 2020 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module.
CVE-2020-11560 1Nchsoftware 1Express Invoice Jun 17, 2026 Apr 7, 2020 N/A· v4 7.8 HIGH· v3 2.1 LOW· v2 NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file.
CVE-2020-11561 1Nchsoftware 1Express Invoice Jun 17, 2026 Apr 7, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen.
CVE-2019-16282 1Nchsoftware 1Express Invoice Jun 17, 2026 Oct 14, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parame...Show more In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript.Show less