CVE-2026-34365 InvoiceShelf: SSRF in Estimate PDF Rendering via Unsanitised HTML in Notes Field
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery (SSRF) vulnerability exists in the Estimate PDF generation module. User-supplied HTML in the estimate Notes field...
InvoiceShelf Code Issue Vulnerability
InvoiceShelf is an open-source invoice and expense management application developed by InvoiceShelf. Versions of InvoiceShelf prior to 2.2.0 had code vulnerabilities. These vulnerabilities stemmed from the Estimate PDF generation module, where HTML provided by users was passed to the Dompdf...
CVE-2025-55903
An HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize user input in the "Bill To" address field within the estimate module. As a result, arbitrary HTML can be injected and rendered unescaped in client-facing documents...
PT-2025-41594
Name of the Vulnerable Software and Affected Versions: Perfex CRM version 3.3.1. Description: The application does not properly sanitize user input in the "Bill To" address field within the estimate module. This allows for the injection of arbitrary HTML that is rendered without escaping in...
CVE-2025-55903
Summary: CVE-2025-55903 affects Perfex CRM v3.3.1 due to a failure to sanitize input in the “Bill To” address field of the estimate module, allowing HTML injection and unescaped rendering in client-facing documents. The issue is documented across multiple sources (NVD, Red Hat, EUVD, CNNVD, etc.)...