87 matches found
CVE-2026-29925
Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery SSRF in CheckDatabaseRequest.php...
Server-side Request Forgery (SSRF)
Overview hillelcoren/invoice-ninja is an Invoices, expenses & time-tracking built with Laravel Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the CheckDatabaseRequest.php process. An attacker can make unauthorized requests to internal or external systems ...
CVE-2026-29925
Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery SSRF in CheckDatabaseRequest.php...
CVE-2026-29925
Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery SSRF in CheckDatabaseRequest.php...
CVE-2026-29925
Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery SSRF in CheckDatabaseRequest.php...
Invoice Ninja 安全漏洞
Invoice Ninja is an open-source application developed by Invoice Ninja, featuring features for invoice management, quotation processing, project tracking, and time tracking. Versions 5.12.46 and 5.12.48 of Invoice Ninja contain security vulnerabilities, which stem from server-side request forgery...
CVE-2026-29925
Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery SSRF in CheckDatabaseRequest.php...
PT-2026-29095
Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery SSRF in CheckDatabaseRequest.php...
CVE-2026-29925
Invoice Ninja v5.12.46 and v5.12.48 are affected by a Server-Side Request Forgery (SSRF) in CheckDatabaseRequest.php (CVE-2026-29925). Root cause is input handling in the CheckDatabaseRequest process that allows unintended requests to internal/external systems. Documented impact is the SSRF vulne...
CVE-2026-33742
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...
CVE-2026-33628
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The...
CVE-2026-33742
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...
CVE-2026-33628
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The...
CVE-2026-33742
Invoice Ninja (Laravel-based) v5.13.0 contains a stored XSS flaw in product notes through Markdown rendering, where raw HTML output was not sanitized before being embedded in invoice templates. The issue is explicitly fixed in v5.13.4 by applying purify::clean() to Markdown output. The vulnerabil...
EUVD-2026-16418
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...
CVE-2026-33742 Invoice Ninja has Stored XSS via Markdown HTML Injection in Product Notes
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...
CVE-2026-33742 Invoice Ninja has Stored XSS via Markdown HTML Injection in Product Notes
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...
CVE-2026-33742 Invoice Ninja has Stored XSS via Markdown HTML Injection in Product Notes
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...
CVE-2026-33742
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...
CVE-2026-33628 Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The...