
34 matches found

GithubExploit
added 2026/03/15 6:09 p.m. | 120 views

Exploit for Cross-site Scripting in Invoiceplane

CVE-2026-25595 — Stored XSS via Invoice Number in InvoicePlane...

CVSS 4.8 | AI score 5.9 | EPSS 0.00016
Exploits: 2

RedhatCVE
added 2026/02/20 1:22 a.m. | 3 views

CVE-2026-25595

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject malicious JavaScript that executes when any...

CVSS 4.8 | AI score 5.6 | EPSS 0.00016
Exploits: 2 | References: 1

RedhatCVE
added 2026/02/20 1:22 a.m. | 2 views

CVE-2026-24744

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Invoices functions of InvoicePlane version 1.7.0. When editing invoices, the application does not validate user input at the...

CVSS 7.5 | AI score 5.7 | EPSS 0.00058
Exploits: 1 | References: 1

NVD
added 2026/02/18 11:16 p.m. | 3 views

CVE-2026-25595

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject malicious JavaScript that executes when any...

CVSS 4.8 | EPSS 0.00016
Exploits: 2 | References: 2

Vulnrichment
added 2026/02/18 10:52 p.m. | 2 views

CVE-2026-25595 InvoicePlane has Stored XSS via Invoice Number in Invoice View and Dashboard

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject malicious JavaScript that executes when any...

CVSS 4.8 | AI score 5.5 | EPSS 0.00016
Exploits: 2 | References: 2

CVE
added 2026/02/18 10:52 p.m. | 7 views

CVE-2026-25595

InvoicePlane 1.7.0 has a stored XSS vulnerability in the Invoice Number field. An authenticated administrator can inject JavaScript that executes when an admin views the affected invoice or visits the dashboard. The issue is fixed in version 1.7.1. CVSS v3.1 base score is 4.8 (Medium); attack vec...

CVSS 4.8 | AI score 5.5 | EPSS 0.00016
Exploits: 2 | References: 2 | Affected Software: 1

Cvelist
added 2026/02/18 10:52 p.m. | 20 views

CVE-2026-25595 InvoicePlane has Stored XSS via Invoice Number in Invoice View and Dashboard

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject malicious JavaScript that executes when any...

CVSS 4.8 | EPSS 0.00016
Exploits: 2 | References: 2

OSV
added 2026/02/18 10:52 p.m. | 2 views

CVE-2026-25595 InvoicePlane has Stored XSS via Invoice Number in Invoice View and Dashboard

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject malicious JavaScript that executes when any...

CVSS 4.8 | AI score 5.6 | EPSS 0.00016
Exploits: 2 | References: 4

NVD
added 2026/02/18 10:16 p.m. | 3 views

CVE-2026-24744

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Invoices functions of InvoicePlane version 1.7.0. When editing invoices, the application does not validate user input at the...

CVSS 7.5 | EPSS 0.00058
Exploits: 1 | References: 2

OSV
added 2026/02/18 9:01 p.m. | 3 views

CVE-2026-24744 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Invoices functions of InvoicePlane version 1.7.0. When editing invoices, the application does not validate user input at the...

CVSS 5.7 | AI score 5.7 | EPSS 0.00058
Exploits: 1 | References: 4

Vulnrichment
added 2026/02/18 9:01 p.m. | 3 views

CVE-2026-24744 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Invoices functions of InvoicePlane version 1.7.0. When editing invoices, the application does not validate user input at the...

CVSS 5.7 | AI score 5.6 | EPSS 0.00058
Exploits: 1 | References: 2

CVE
added 2026/02/18 9:01 p.m. | 6 views

CVE-2026-24744

InvoicePlane 1.7.0 is affected by a Stored XSS in the Edit Invoices flow via the invoice_number parameter due to missing input validation. Although exploitation requires administrator privileges, the vulnerability can lead to unauthorized data modification, and potentially persistent malicious sc...

CVSS 7.5 | AI score 5.7 | EPSS 0.00058
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2026/02/18 12:00 a.m. | 3 views

InvoicePlane Cross-Site Scripting Vulnerability

InvoicePlane is an open-source application developed by InvoicePlane. It provides a self-hosted open-source tool for managing your quotes, invoices, customers, and payments. Version 1.7.0 of InvoicePlane contains a cross-site scripting vulnerability. This vulnerability stems from the lack of inpu...

CVSS 7.5 | AI score 5.6 | EPSS 0.00058
Exploits: 1 | References: 2

Positive Technologies
added 2026/02/18 12:00 a.m. | 2 views

PT-2026-20551

Name of the Vulnerable Software and Affected Versions: InvoicePlane versions prior to 1.7.1. Description: A Stored Cross-Site Scripting (XSS) issue exists in InvoicePlane. An authenticated administrator can inject malicious JavaScript through the Invoice Number field. This injected script executes whe...

CVSS 4.8 | AI score 5.4 | EPSS 0.00016
Exploits: 2 | References: 8

CNNVD
added 2026/02/18 12:00 a.m. | 3 views

InvoicePlane Cross-Site Scripting Vulnerability

InvoicePlane is an open-source application developed by InvoicePlane. It provides a self-hosted open-source tool for managing your quotes, invoices, customers, and payments. Version 1.7.0 of InvoicePlane contains a cross-site scripting vulnerability, which stems from improper handling of the...

CVSS 4.8 | AI score 5.7 | EPSS 0.00016
Exploits: 2 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-26360

Malware in sbrugna...

CVSS 4.3 | AI score 4.9 | EPSS 0.00293
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/23 10:29 a.m. | 2 views

CVE-2024-42561

Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoicenumber parameter at salesreport.php...

CVSS 8.8 | AI score 8.3 | EPSS 0.02502
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 10:25 a.m. | 2 views

CVE-2024-42562

Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoicenumber parameter at preview.php...

CVSS 9.8 | AI score 8.3 | EPSS 0.00255
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 7:38 p.m. | 5 views

CVE-2021-3005

MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF number) via a modified titulo (aka invoice number) value to the central/recibo.php URI...

CVSS 4.3 | AI score 6.5 | EPSS 0.00293
Exploits: 0 | References: 1

OSV
added 2024/10/19 12:15 p.m. | 2 views

CVE-2024-10136

A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manageinvoice.php. The manipulation of the argument invoicenumber leads to sql injection. The attack can be initiated remotely. The...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 5