12 matches found
Exploit for Cross-site Scripting in Invoiceplane
CVE-2026-25595 — Stored XSS via Invoice Number in InvoicePlane...
CVE-2026-25595
InvoicePlane 1.7.0 has a stored XSS vulnerability in the Invoice Number field. An authenticated administrator can inject JavaScript that executes when an admin views the affected invoice or visits the dashboard. The issue is fixed in version 1.7.1. CVSS v3.1 base score is 4.8 (Medium); attack vec...
EUVD-2025-203770
InvoicePlane commit debb446c is vulnerable to Incorrect Access Control. The invoices/view handler fails to verify ownership before returning invoice data...
CVE-2025-64012
InvoicePlane commit debb446c is vulnerable to Incorrect Access Control. The invoices/view handler fails to verify ownership before returning invoice data...
CVE-2025-64012
InvoicePlane commit debb446c is vulnerable to Incorrect Access Control. The invoices/view handler fails to verify ownership before returning invoice data...
PT-2025-51684
Name of the Vulnerable Software and Affected Versions: InvoicePlane versions prior to commit debb446c Description: The software contains an issue related to incorrect access control. Specifically, the invoices/view handler does not properly verify ownership before disclosing invoice data. This coul...
CVE-2025-64012
InvoicePlane commit debb446c is vulnerable to Incorrect Access Control. The invoices/view handler fails to verify ownership before returning invoice data...
PT-2024-17708 · Unknown · Invoiceplane
Name of the Vulnerable Software and Affected Versions: InvoicePlane versions up to 1.6.1 Description: A vulnerability was found in InvoicePlane, affecting some unknown functionality of the file /invoices/view. The manipulation leads to session expiration. The attack may be launched remotely, with...
InvoicePlane Code Issue Vulnerability
InvoicePlane is an application from InvoicePlane Open Source. Provides a self-hosted open source application for managing your quotes, invoices, customers and payments. A code issue vulnerability exists in InvoicePlane 1.6.1 and prior versions, which stems from the fact that the file /invoices/vi...
PT-2023-32656 · Unknown · Bigprof Online Invoicing System
Name of the Vulnerable Software and Affected Versions: BigProf Online Invoicing System version 2.6 Description: A vulnerability has been discovered in the BigProf Online Invoicing System, which does not sufficiently encode user-controlled input, resulting in persistent XSS through the...
BigProf Online Invoicing System Cross-Site Scripting Vulnerability
BigProf Online Invoicing System OIS is an online invoicing system. A cross-site scripting vulnerability exists in BigProf Online Invoicing System version 2.6, which originates from a cross-site scripting vulnerability in the FirstRecord parameter of /invoicing/app/invoicesview.php...
BigProf Online Invoicing System Security Vulnerability
BigProf Online Invoicing System OIS is an online invoicing system. A security vulnerability exists in BigProf Online Invoicing System version 2.6, which originates from a cross-site scripting vulnerability in the FirstRecord parameter of /invoicing/app/invoicesview.php...