{"vulnerability": "CVE-2023-6432", "sightings": [{"uuid": "e0e008fe-64b8-4cb1-a3dd-9f1ffc9b5db2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-6432", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17267", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-6432\n\ud83d\udd25 CVSS Score: 6.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads.\n\ud83d\udccf Published: 2023-11-30T13:55:08.870Z\n\ud83d\udccf Modified: 2025-05-22T13:34:37.714Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-xss-vulnerabilities-bigprof-products", "creation_timestamp": "2025-05-22T13:43:15.000000Z"}, {"uuid": "9f8d697e-893c-4285-918d-b64408fed9b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-6432", "type": "seen", "source": "https://t.me/ctinow/157511", "content": "https://ift.tt/RmkwIiM\nCVE-2023-6432 | BigProf Online Inventory Manager 3.2 items_view.php FirstRecord cross site scripting", "creation_timestamp": "2023-12-21T07:31:59.000000Z"}]}