https://vulnerability.circl.lu/sightings/feed 2026-06-04T00:08:29.190142+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/18c33ded-22f3-4488-a11b-a21b8bac4057/export 2026-06-04T00:08:29.516106+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "18c33ded-22f3-4488-a11b-a21b8bac4057", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21260", "type": "seen", "source": "https://t.me/cibsecurity/22528", "content": "\u203c CVE-2021-21260 \u203c\n\nOnline Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which can enables an attacker takeover of the admin account through a payload that extracts a csrf token and sends a request to change password. It has been found that Item description is reflected without sanitization in app/items_view.php which enables the malicious scenario.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-22T20:29:24.000000Z"} 2021-01-22T20:29:24+00:00