Express Accounts CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2020-13474	1 Nchsoftware	1 Express Accounts	2024-11-21	6.5 Medium
In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users.
CVE-2020-13473	1 Nchsoftware	1 Express Accounts	2024-11-21	5.5 Medium
NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file.
CVE-2019-16330	1 Nchsoftware	1 Express Accounts Accounting	2024-11-21	5.4 Medium
In NCH Express Accounts Accounting v7.02, persistent cross site scripting (XSS) exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript.

Page 1 of 1.