Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form.
{
"cpe": [
"cpe:2.3:a:boxbilling:boxbilling:4.19:*:*:*:*:*:*:*",
"cpe:2.3:a:boxbilling:boxbilling:4.19.1:*:*:*:*:*:*:*",
"cpe:2.3:a:boxbilling:boxbilling:4.20:*:*:*:*:*:*:*",
"cpe:2.3:a:boxbilling:boxbilling:4.21:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "4.19"
},
{
"last_affected": "4.19"
},
{
"introduced": "4.19.1"
},
{
"last_affected": "4.19.1"
},
{
"introduced": "4.20"
},
{
"last_affected": "4.20"
},
{
"introduced": "4.21"
},
{
"last_affected": "4.21"
}
],
"source": "CPE_STRING"
}