CVE-2021-27839

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-27839
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27839.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-27839
Published
2021-03-03T19:15:13.047Z
Modified
2026-04-10T04:31:37.101998Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to.

References

Affected packages

Git / github.com/bigprof-software/online-invoicing-system

Affected ranges

Type
GIT
Repo
https://github.com/bigprof-software/online-invoicing-system
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
94bd508ed9e2c7d6e67f173353f24fc639d70a12
Fixed
f353b777fefd1d58644fdc2fe30e4ebd751356cf
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.3"
        }
    ]
}

Affected versions

2.*
2.3
2.4
2.5
2.6
2.9
3.*
3.0
3.1
4.*
4.0
4.1
4.2
4.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27839.json"