{"vulnerability": "cve-2021-21260", "sightings": [{"uuid": "18c33ded-22f3-4488-a11b-a21b8bac4057", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-21260", "type": "seen", "source": "https://t.me/cibsecurity/22528", "content": "\u203c CVE-2021-21260 \u203c\n\nOnline Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which can enable an attacker to take over the admin account through a payload that extracts a CSRF token and sends a request to change the password. It has been found that the item description is reflected without sanitization in app/items_view.php, which enables the malicious scenario.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-22T20:29:24.000000Z"}]}