Lucene search
K

39 matches found

NVD
NVD
added 2026/07/05 8:16 p.m.7 views

CVE-2026-14767

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...

6.5CVSS0.00204EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/05 7:45 p.m.23 views

CVE-2026-14767 CodeAstro Ecommerce Website POST Parameter confirm.php sql injection

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...

6.5CVSS0.00204EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 7:45 p.m.7 views

EUVD-2026-41777

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 7:45 p.m.8 views

CVE-2026-14767

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/07/05 7:45 p.m.14 views

CVE-2026-14767

CodeAstro Ecommerce Website 1.0 contains a SQL injection in the POST Parameter Handler within /ecommerce-website-php/customer/confirm.php (invoice_no). The vulnerability can be triggered remotely; the exploit has been released publicly. The CVSS-derived metrics in the sources indicate network att...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2026/03/15 6:9 p.m.167 views

Exploit for Cross-site Scripting in Invoiceplane

CVE-2026-25595 — Stored XSS via Invoice Number in InvoicePlane...

4.8CVSS5.9AI score0.0021EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/02/20 1:22 a.m.7 views

CVE-2026-24744

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the Edit Invoices functions of InvoicePlane version 1.7.0. When editing invoices, the application does not validate user input at the...

7.5CVSS5.7AI score0.0022EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/20 1:22 a.m.9 views

CVE-2026-25595

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject malicious JavaScript that executes when any...

4.8CVSS5.6AI score0.0021EPSS
Exploits2References1
NVD
NVD
added 2026/02/18 11:16 p.m.12 views

CVE-2026-25595

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject malicious JavaScript that executes when any...

4.8CVSS0.0021EPSS
Exploits2References2
CVE
CVE
added 2026/02/18 10:52 p.m.19 views

CVE-2026-25595

InvoicePlane 1.7.0 has a stored XSS vulnerability in the Invoice Number field. An authenticated administrator can inject JavaScript that executes when an admin views the affected invoice or visits the dashboard. The issue is fixed in version 1.7.1. CVSS v3.1 base score is 4.8 (Medium); attack vec...

4.8CVSS5.5AI score0.0021EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2026/02/18 10:52 p.m.26 views

CVE-2026-25595 InvoicePlane has Stored XSS via Invoice Number in Invoice View and Dashboard

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject malicious JavaScript that executes when any...

4.8CVSS0.0021EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/02/18 10:52 p.m.5 views

CVE-2026-25595 InvoicePlane has Stored XSS via Invoice Number in Invoice View and Dashboard

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject malicious JavaScript that executes when any...

4.8CVSS5.5AI score0.0021EPSS
Exploits2References2
OSV
OSV
added 2026/02/18 10:52 p.m.5 views

CVE-2026-25595 InvoicePlane has Stored XSS via Invoice Number in Invoice View and Dashboard

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject malicious JavaScript that executes when any...

4.8CVSS5.6AI score0.0021EPSS
Exploits2References4
NVD
NVD
added 2026/02/18 10:16 p.m.10 views

CVE-2026-24744

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the Edit Invoices functions of InvoicePlane version 1.7.0. When editing invoices, the application does not validate user input at the...

7.5CVSS0.0022EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/18 9:1 p.m.6 views

CVE-2026-24744 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the Edit Invoices functions of InvoicePlane version 1.7.0. When editing invoices, the application does not validate user input at the...

5.7CVSS5.6AI score0.0022EPSS
Exploits1References2
CVE
CVE
added 2026/02/18 9:1 p.m.15 views

CVE-2026-24744

InvoicePlane 1.7.0 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the Edit Invoices functionality, where input validation is missing for the invoice_number parameter. Exploitation requires administrator privileges, and the issue can enable unauthorized modification of data, p...

7.5CVSS5.7AI score0.0022EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/02/18 9:1 p.m.6 views

CVE-2026-24744 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the Edit Invoices functions of InvoicePlane version 1.7.0. When editing invoices, the application does not validate user input at the...

5.7CVSS5.7AI score0.0022EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.9 views

InvoicePlane 跨站脚本漏洞

InvoicePlane is an open-source application developed by InvoicePlane. It provides a self-hosted open-source tool for managing your quotes, invoices, customers, and payments. Version 1.7.0 of InvoicePlane contains a cross-site scripting vulnerability. This vulnerability stems from the lack of inpu...

7.5CVSS5.6AI score0.0022EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.10 views

InvoicePlane 跨站脚本漏洞

InvoicePlane is an open-source application developed by InvoicePlane. It provides a self-hosted open-source tool for managing your quotes, invoices, customers, and payments. Version 1.7.0 of InvoicePlane contains a cross-site scripting vulnerability, which stems from improper handling of the...

4.8CVSS5.7AI score0.0021EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.8 views

PT-2026-20551

Name of the Vulnerable Software and Affected Versions InvoicePlane versions prior to 1.7.1 Description A Stored Cross-Site Scripting XSS issue exists in InvoicePlane. An authenticated administrator can inject malicious JavaScript through the Invoice Number field. This injected script executes whe...

4.8CVSS5.4AI score0.0021EPSS
Exploits2References8
Rows per page
Query Builder