19 matches found
CVE-2026-26281
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A stored cross-site scripting (XSS) vulnerability in the Sumex invoice view allows an authenticated user with client and invoice management privileges to execute arbitrary JavaScript in the browser o...
CVE-2026-26281
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A stored cross-site scripting (XSS) vulnerability in the Sumex invoice view allows an authenticated user with client and invoice management privileges to execute arbitrary JavaScript in the browser o...
CVE-2026-26281
InvoicePlane has a stored XSS in the Sumex invoice view. An authenticated user with client/invoice management privileges can inject JavaScript that runs in other users’ browsers viewing the invoice, potentially enabling session hijacking and data theft. A fixed version is 1.7.1. Remediate by upgr...
CVE-2026-26281 InvoicePlane has Stored Cross-Site Scripting (XSS) Issue in Sumex Invoice View
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A stored cross-site scripting (XSS) vulnerability in the Sumex invoice view allows an authenticated user with client and invoice management privileges to execute arbitrary JavaScript in the browser o...
CVE-2026-26281 InvoicePlane has Stored Cross-Site Scripting (XSS) Issue in Sumex Invoice View
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A stored cross-site scripting (XSS) vulnerability in the Sumex invoice view allows an authenticated user with client and invoice management privileges to execute arbitrary JavaScript in the browser o...
CVE-2026-26281 InvoicePlane has Stored Cross-Site Scripting (XSS) Issue in Sumex Invoice View
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A stored cross-site scripting (XSS) vulnerability in the Sumex invoice view allows an authenticated user with client and invoice management privileges to execute arbitrary JavaScript in the browser o...
CVE-2026-25595 InvoicePlane has Stored XSS via Invoice Number in Invoice View and Dashboard
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject malicious JavaScript that executes when any...
InvoicePlane Cross-Site Scripting Vulnerability
InvoicePlane is an open-source application developed by InvoicePlane. It provides a self-hosted open-source tool for managing your quotes, invoices, customers, and payments. Version 1.7.0 of InvoicePlane contains a cross-site scripting vulnerability. This vulnerability allows authenticated users ...
PT-2026-20552
Name of the Vulnerable Software and Affected Versions: InvoicePlane version 1.7.0; InvoicePlane versions prior to 1.7.1. Description: A Stored Cross-Site Scripting (XSS) issue exists in InvoicePlane. An authenticated administrator can inject malicious JavaScript through the Product Unit Name fields. Th...
PT-2024-39753 · 3Scale · 3Scale
Name of the Vulnerable Software and Affected Versions: 3Scale affected versions not specified Description: A vulnerability was found in 3Scale where there is no authentication mechanism to view a PDF invoice of a Developer user if the URL is known. This allows anyone to see the invoice if the URL...
CVE-2024-5235
A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teachersalaryinvoice.php. The manipulation of the argument teacherid leads to sql injection. It is possible to launch the attack...
CVE-2024-5110
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view/studentpaymentinvoice.php. The manipulation of the argument index leads to sql injection. The attack may be...
PT-2024-34524 · Unknown · Campcodes Complete Web-Based School Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Complete Web-Based School Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown part of the file /view/student payment invoice1.php. The manipulation of the date argument lead...
CVE-2024-4524
A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/studentpaymentinvoice.php. The manipulation of the argument desc leads to cross site scripting. It is possible to initiate t...
CVE-2024-4518
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view/teachersalaryinvoice.php. The manipulation of the argument desc leads to cross site scripting. The attack can be...
CVE-2022-29983
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/viewinvoice&id=...
CVE-2022-29983
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/viewinvoice&id=...
Simple Client Management System SQL Injection Vulnerability
Simple Client Management System is a simple client management system by individual developer Carlo Montero. Version 1.0 of Simple Client Management System is vulnerable to SQL injection, which stems from a lack of validation of externally supplied input in SQL statements in /cms/admin/?page=...
DRZES Hms 3.2 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/15644/info DRZES HMS is prone to multiple SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before it is used in SQL queries. Successful exploitation could result in a compromise of the application...