0.001 Low
EPSS
Percentile
40.7%
Invoice Plane version 1.5.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Clientβs details that can result in execution of javascript code . This vulnerability appears to have been fixed in 1.5.5 and later.
github.com/InvoicePlane/InvoicePlane/pull/557
github.com/InvoicePlane/InvoicePlane/pull/557/commits/3fc256ccef403f5be9982f02ef340d9e01daabb2