Invoice Plane version 1.5.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Client’s details that can result in execution of javascript code . This vulnerability appears to have been fixed in 1.5.5 and later.
CPE | Name | Operator | Version |
---|---|---|---|
invoiceplane | le | 1.5.4 |