5 matches found
CVE-2026-24746
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Quotes function of InvoicePlane version 1.7.0. In the Editing Quotes function, the application does not validate user input at th...
CVE-2026-24746
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Quotes function of InvoicePlane version 1.7.0. In the Editing Quotes function, the application does not validate user input at th...
CVE-2026-24746 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Quotes function of InvoicePlane version 1.7.0. In the Editing Quotes function, the application does not validate user input at th...
CVE-2026-24746
CVE-2026-24746 is a Stored Cross-Site Scripting vulnerability in InvoicePlane 1.7.0 within the Edit Quotes function. Exploitation requires administrator privileges and user interaction; the CVSSv3.1 base score is 5.7 (Medium) with PR:H and UI:R, indicating impact to integrity and limited confiden...
PT-2026-20507
Name of the Vulnerable Software and Affected Versions: InvoicePlane version 1.7.0. Description: InvoicePlane is a self-hosted open source application used for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) issue exists in the Edit Quotes function. The application does no...