Lucene search

MitreCVE-2021-27839

HistoryMar 03, 2021 - 7:15 p.m.

CVE-2021-27839

2021-03-0319:15:13

CWE-1236

mitre

web.nvd.nist.gov

cve

2021

27839

csv

injection

vulnerability

online invoicing system

ois

nvd

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

25.1%

JSON

A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients’ details that the user did not have access to.

Affected configurations

Nvd

Node

bigprofonline_invoicing_systemRange≤4.3

VendorProductVersionCPE
bigprofonline_invoicing_system*cpe:2.3:a:bigprof:online_invoicing_system:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bigprof	online_invoicing_system	*	cpe:2.3:a:bigprof:online_invoicing_system::::::::

References

github.com/bigprof-software/online-invoicing-system/releases/tag/4.4

www.jinsonvarghese.com/csv-injection-in-online-invoicing-system/

Social References

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

25.1%

JSON

Related for CVE-2021-27839