CVE-2026-24746
InvoicePlane 1.7.0 contains a Stored Cross‑Site Scripting (XSS) flaw in the Edit Quotes workflow (quote_number input) that is exploitable with administrator privileges. The issue can lead to unauthorized data modification and persistence of malicious scripts, potentially compromising application ...