4 matches found
CVE-2026-24744
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the Edit Invoices functions of InvoicePlane version 1.7.0. When editing invoices, the application does not validate user input at the...
CVE-2026-24744
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the Edit Invoices functions of InvoicePlane version 1.7.0. When editing invoices, the application does not validate user input at the...
CVE-2026-24744
InvoicePlane 1.7.0 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the Edit Invoices functionality, where input validation is missing for the invoice_number parameter. Exploitation requires administrator privileges, and the issue can enable unauthorized modification of data, p...
CVE-2026-24744 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the Edit Invoices functions of InvoicePlane version 1.7.0. When editing invoices, the application does not validate user input at the...