CVE-2021-27839

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-27839

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-27839.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-27839

Published

2021-03-03T19:15:13.047Z

Modified

2025-11-14T11:34:01.115081Z

Severity

4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to.

References

Affected packages

Git / github.com/bigprof-software/online-invoicing-system

Affected ranges

Type: GIT
Repo: https://github.com/bigprof-software/online-invoicing-system
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f353b777fefd1d58644fdc2fe30e4ebd751356cf

Affected versions

2.*

2.3

2.4

2.5

2.6

2.7

2.9

3.*

3.0

3.1

4.*

4.0

4.1

4.2

4.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-27839.json"