2 matches found
CVE-2026-24745
Summary of CVE-2026-24745: InvoicePlane 1.7.0 is vulnerable to a Stored Cross-Site Scripting (XSS) issue in the Upload Login Logo feature, which accepts SVG uploads. The root cause is improper handling of uploaded SVG content, enabling stored script execution. Impact described in sources include...
CVE-2026-24745 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Upload Login Logo functions of InvoicePlane version 1.7.0. In Upload Login Logo, the application allows uploading SVG files. Althou...