CVE-2026-24746

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the Edit Quotes functions of InvoicePlane version 1.7.0. In the Editing Quotes function, the application does not validate user input at th...

CVE-2026-24746

CVE-2026-24746 is a Stored Cross-Site Scripting vulnerability in InvoicePlane 1.7.0 within the Edit Quotes function. Exploitation requires administrator privileges and user interaction; the CVSSv3.1 base score is 5.7 (Medium) with PR:H and UI:R, indicating impact to integrity and limited confiden...

CVE-2026-24746 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the Edit Quotes functions of InvoicePlane version 1.7.0. In the Editing Quotes function, the application does not validate user input at th...

InvoicePlane 安全漏洞

InvoicePlane is an open-source application developed by InvoicePlane. It provides a self-hosted open-source tool for managing quotes, invoices, customers, and payments. Version 1.7.0 of InvoicePlane contains a security vulnerability. This vulnerability stems from the lack of validation for user...