Lucene search
K

92 matches found

EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40419

Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value into the intended query parameter. Attackers can craft a...

5.3CVSS5.8AI score0.00176EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 10:16 p.m.13 views

CVE-2026-58450

Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value into the intended query parameter. Attackers can craft a...

5.3CVSS0.00176EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 9:7 p.m.36 views

CVE-2026-58450 Invoice Ninja 5.13.26 - Open Redirect in Client Portal Login via intended Parameter

Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value into the intended query parameter. Attackers can craft a...

5.3CVSS0.00176EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-53999

Name of the Vulnerable Software and Affected Versions Invoice Ninja versions prior to 5.13.27 Description An open redirect exists in the client portal login. Unauthenticated attackers can redirect authenticated users to external URLs by injecting a malicious value into the intended query paramete...

5.3CVSS6AI score0.00176EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/31 4:59 a.m.10 views

CVE-2026-29925

Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery SSRF in CheckDatabaseRequest.php...

7.7CVSS5.9AI score0.00315EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/30 8:26 p.m.3 views

Server-side Request Forgery (SSRF)

Overview hillelcoren/invoice-ninja is an Invoices, expenses & time-tracking built with Laravel Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the CheckDatabaseRequest.php process. An attacker can make unauthorized requests to internal or external systems ...

8.8CVSS5.9AI score0.00315EPSS
Exploits1References2
NVD
NVD
added 2026/03/30 7:16 p.m.36 views

CVE-2026-29925

Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery SSRF in CheckDatabaseRequest.php...

7.7CVSS0.00315EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/30 12:0 a.m.19 views

CVE-2026-29925

Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery SSRF in CheckDatabaseRequest.php...

0.00315EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.5 views

PT-2026-29095

Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery SSRF in CheckDatabaseRequest.php...

7.7CVSS5.9AI score0.00315EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/30 12:0 a.m.2 views

CVE-2026-29925

Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery SSRF in CheckDatabaseRequest.php...

7.7CVSS5.9AI score0.00315EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/30 12:0 a.m.4 views

CVE-2026-29925

Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery SSRF in CheckDatabaseRequest.php...

5.9AI score0.00315EPSS
Exploits1References2
CVE
CVE
added 2026/03/30 12:0 a.m.12 views

CVE-2026-29925

Invoice Ninja v5.12.46 and v5.12.48 are affected by a Server-Side Request Forgery (SSRF) in CheckDatabaseRequest.php (CVE-2026-29925). Root cause is input handling in the CheckDatabaseRequest process that allows unintended requests to internal/external systems. Documented impact is the SSRF vulne...

7.7CVSS5.9AI score0.00315EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/03/30 12:0 a.m.7 views

Invoice Ninja 安全漏洞

Invoice Ninja is an open-source application developed by Invoice Ninja, featuring features for invoice management, quotation processing, project tracking, and time tracking. Versions 5.12.46 and 5.12.48 of Invoice Ninja contain security vulnerabilities, which stem from server-side request forgery...

7.7CVSS5.8AI score0.00315EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.4 views

CVE-2026-33742

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...

5.4CVSS5.9AI score0.00202EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.17 views

CVE-2026-33628

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The...

5.4CVSS6AI score0.00231EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 9:17 p.m.12 views

CVE-2026-33742

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...

5.4CVSS0.00202EPSS
Exploits1References2
NVD
NVD
added 2026/03/26 9:17 p.m.3 views

CVE-2026-33628

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The...

5.4CVSS0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/26 8:50 p.m.20 views

CVE-2026-33742 Invoice Ninja has Stored XSS via Markdown HTML Injection in Product Notes

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...

5.4CVSS0.00202EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/26 8:50 p.m.6 views

EUVD-2026-16418

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...

5.4CVSS5.8AI score0.00202EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/26 8:50 p.m.1 views

CVE-2026-33742 Invoice Ninja has Stored XSS via Markdown HTML Injection in Product Notes

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...

5.4CVSS5.9AI score0.00202EPSS
Exploits1References2
Rows per page
Query Builder