28 matches found
CVE-2026-25596
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane 1.7.0 via the Product Unit Name fields. An authenticated administrator can inject malicious JavaScript that executes when any...
CVE-2026-24745
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the upload Login Logo functions of InvoicePlane version 1.7.0. In the Upload Login Logo, the application allows uploading svg files. Althou...
CVE-2026-25594
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane 1.7.0 via the Family Name field. The familyname value is rendered without HTML encoding inside the family dropdown on the...
CVE-2026-25595
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject malicious JavaScript that executes when any...
EUVD-2017-1507
Malware in sbrugna...
EUVD-2017-9349
Malware in sbrugna...
EUVD-2024-54327
Malicious code in bioql PyPI...
EUVD-2024-51041
Malicious code in bioql PyPI...
EUVD-2024-50806
Malicious code in bioql PyPI...
CVE-2024-12478
A vulnerability was found in InvoicePlane up to 1.6.1. It has been declared as critical. This vulnerability affects the function uploadfile of the file /index.php/upload/uploadfile/1/1. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The...
CVE-2024-12667
A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /invoices/view. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The...
CVE-2024-12362
A vulnerability was found in InvoicePlane up to 1.6.1. It has been classified as problematic. This affects the function download of the file invoices.php. The manipulation of the argument invoice leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclos...
CVE-2017-1000238
InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver...
CVE-2024-56975
InvoicePlane all versions tested as of December 2024 v.1.6.11 and before contains a remote code execution vulnerability in the uploadfile method of the Upload controller...
CVE-2024-56975
InvoicePlane all versions tested as of December 2024 v.1.6.11 and before contains a remote code execution vulnerability in the uploadfile method of the Upload controller...
CVE-2024-56975
InvoicePlane all versions tested as of December 2024 v.1.6.11 and before contains a remote code execution vulnerability in the uploadfile method of the Upload controller...
CVE-2024-56975
InvoicePlane all versions tested as of December 2024 v.1.6.11 and before contains a remote code execution vulnerability in the uploadfile method of the Upload controller...
CVE-2024-56975
InvoicePlane all versions tested as of December 2024 v.1.6.11 and before contains a remote code execution vulnerability in the uploadfile method of the Upload controller...
CVE-2024-12667
A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /invoices/view. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The...
CVE-2024-12667 InvoicePlane view session expiration
A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /invoices/view. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The...