CVE-2017-1000466

2018-01-0301:29:00

Google

osv.dev

0.001 Low

EPSS

Percentile

26.4%

JSON

Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting vulnerability, within the invoice creation page, which can result in disruption of service and execution of javascript code.

CPENameOperatorVersion
invoiceninjaeq2.6.3
invoiceninjaeq2.6.9
invoiceninjaeq2.9.0
invoiceninjaeq3.1.0
invoiceninjaeq2.7.1
invoiceninjaeq3.6.1
invoiceninjaeq2.6
invoiceninjaeq2.6.5
invoiceninjaeq2.4.3
invoiceninjaeq3.0.3

Name	Operator	Version
invoiceninja	eq	2.6.3
invoiceninja	eq	2.6.9
invoiceninja	eq	2.9.0
invoiceninja	eq	3.1.0
invoiceninja	eq	2.7.1
invoiceninja	eq	3.6.1
invoiceninja	eq	2.6
invoiceninja	eq	2.6.5
invoiceninja	eq	2.4.3
invoiceninja	eq	3.0.3

Rows per page:

1-10 of 1151

References

github.com/invoiceninja/invoiceninja/issues/1727

0.001 Low

EPSS

Percentile

26.4%

JSON

Related for OSV:CVE-2017-1000466