14 matches found
CVE-2026-0649 invoiceninja Migration Import Import.php copy server-side request forgery
A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument companylogo leads to server-side request forgery. It is possible to initiat...
PT-2026-1550
Name of the Vulnerable Software and Affected Versions invoiceninja versions prior to 5.12.38 Description A security issue exists in invoiceninja. The issue involves server-side request forgery SSRF stemming from manipulation of the company logo argument within the copy function of the...
EUVD-2022-0741
Malicious code in bioql PyPI...
CVE-2021-3977
invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
invoiceninja cross-site scripting vulnerability
invoiceninja is an open source invoicing application built with Laravel and Flutter. invoiceninja suffers from a cross-site scripting vulnerability that can be exploited by attackers to execute malicious scripts...
GHSA-XG6R-5GX4-QXJM invoiceninja is vulnerable to Cross-site Scripting
invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
invoiceninja is vulnerable to Cross-site Scripting
invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-3977
invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
Cross site scripting
invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-3977 Cross-site Scripting (XSS) - Stored in invoiceninja/invoiceninja
invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-3977
CVE-2021-3977 affects invoiceninja. The connected sources describe a Cross-site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation, enabling attacker-supplied scripts to execute in a victim’s browser. The issue is documented across multiple feeds (...
invoiceninja 跨站脚本漏洞
invoiceninja is an open source invoicing application built with Laravel and Flutter. invoiceninja suffers from a cross-site scripting vulnerability that can be exploited by attackers to execute malicious scripts...
Cross-site Scripting (XSS) - Stored in invoiceninja/invoiceninja
Description In recent InvoiceNinja version 9d7145c in /documents it is possible to store svg file with html/js content, which later can be used to phish other users Proof of Concept POST /documents HTTP/1.1 Host: 172.17.0.1:8888 User-Agent: Mozilla/5.0 X11; Linux x8664; rv:95.0 Gecko/20100101...
app.invoiceninja.com Open Redirect vulnerability
Vulnerable URL: https://app.invoiceninja.com/invoicenow?redirectto=//www.openbugbounty.org/ Details: Description| Value ---|--- Patched:| Yes, at 18.09.2017 Latest check for patch:| 18.09.2017 09:55 GMT Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unkno...