12 matches found
CVE-2026-34367
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Invoice PDF generation module. User-supplied HTML in the invoice Notes field i...
CVE-2026-34367 InvoiceShelf: SSRF in Invoice PDF Rendering via Unsanitised HTML in Notes Field
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Invoice PDF generation module. User-supplied HTML in the invoice Notes field i...
CVE-2026-34367
InvoiceShelf (open-source web/mobile app) is affected by a Server-Side Request Forgery (SSRF) in the PDF generation module prior to version 2.2.0. User-supplied HTML in the Notes field is passed unsanitised to the Dompdf renderer, which fetches remote resources referenced in the markup. The vulne...
CVE-2026-34366
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Payment receipt PDF generation module. User-supplied HTML in the payment Notes...
InvoiceShelf 代码问题漏洞
InvoiceShelf is an open-source invoice and expense management application developed by InvoiceShelf. Versions of InvoiceShelf prior to 2.2.0 had code vulnerabilities. These vulnerabilities stemmed from the Estimate PDF generation module, where HTML provided by users was passed to the Dompdf...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the filegetcontents function. An attacker can execute arbitrary code by uploading a file with a malicious phar:// protocol, leading to the deserialization and instantiation of arbitrary PHP...
DEBIAN-CVE-2021-3902
An improper restriction of external entities XXE vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery SSRF and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to...
DRUPAL-CONTRIB-2022-050
This module enables you to generate PDF versions of content. Some installations of the module make use of the dompdf/dompdf third-party dependency. Security vulnerabilities exist for versions of dompdf/dompdf before 2.0.0 as described in the 2.0.0 release notes...
DEBIAN-CVE-2022-2400
External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...
CVE-2022-2400
External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...
UBUNTU-CVE-2022-2400
External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...
TYPO3 Extension ke_dompdf 0.0.3 Remote Code Execution Vulnerability
The TYPO3 extension kedompdf contains a version of the dompdf library including all files originally supplied with it. This includes an examples page, which contains different examples for HTML-entities rendered as a PDF. This page also allows users to enter their own HTML code into a text box to...