CVE-2017-18217
InvoicePlane prior to 1.5.5 is affected by a cross-site scripting vulnerability in the Email address and Web address parameters, exploitable via the affected view files: application/modules/clients/views/view.php, application/modules/invoices/views/view.php, and application/modules/quotes/views/v...