Lucene search
+L

14 matches found

vulnrichment
vulnrichment
added 2026/01/07 12:32 a.m.4 views

CVE-2026-0649 invoiceninja Migration Import Import.php copy server-side request forgery

A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument companylogo leads to server-side request forgery. It is possible to initiat...

5.8CVSS6.4AI score0.00223EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/01/07 12:0 a.m.5 views

PT-2026-1550

Name of the Vulnerable Software and Affected Versions invoiceninja versions prior to 5.12.38 Description A security issue exists in invoiceninja. The issue involves server-side request forgery SSRF stemming from manipulation of the company logo argument within the copy function of the...

5.8CVSS6.5AI score0.00223EPSS
Exploits0References8
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-0741

Malicious code in bioql PyPI...

6.5CVSS6.1AI score0.00592EPSS
Exploits1References5
redhatcve
redhatcve
added 2025/05/22 9:29 p.m.5 views

CVE-2021-3977

invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.5CVSS6.7AI score0.00592EPSS
Exploits1References1
cnvd
cnvd
added 2022/05/19 12:0 a.m.35 views

invoiceninja cross-site scripting vulnerability

invoiceninja is an open source invoicing application built with Laravel and Flutter. invoiceninja suffers from a cross-site scripting vulnerability that can be exploited by attackers to execute malicious scripts...

3.5CVSS3.8AI score0.00592EPSS
Exploits1
osv
osv
added 2022/01/06 9:58 p.m.148 views

GHSA-XG6R-5GX4-QXJM invoiceninja is vulnerable to Cross-site Scripting

invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

5.4CVSS5.3AI score0.00592EPSS
Exploits1References5
github
github
added 2022/01/06 9:58 p.m.22 views

invoiceninja is vulnerable to Cross-site Scripting

invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.5CVSS2.4AI score0.00592EPSS
Exploits1References5Affected Software1
osv
osv
added 2021/12/24 8:15 p.m.15 views

CVE-2021-3977

invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

5.4CVSS6.7AI score
Exploits0References2
prion
prion
added 2021/12/24 8:15 p.m.13 views

Cross site scripting

invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

3.5CVSS5.4AI score0.00592EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2021/12/24 8:10 p.m.23 views

CVE-2021-3977 Cross-site Scripting (XSS) - Stored in invoiceninja/invoiceninja

invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.5CVSS5.7AI score0.00592EPSS
Exploits1References2
cve
cve
added 2021/12/24 8:10 p.m.93 views

CVE-2021-3977

CVE-2021-3977 affects invoiceninja. The connected sources describe a Cross-site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation, enabling attacker-supplied scripts to execute in a victim’s browser. The issue is documented across multiple feeds (...

6.5CVSS5.5AI score0.00592EPSS
Exploits1References2Affected Software1
cnnvd
cnnvd
added 2021/12/24 12:0 a.m.3 views

invoiceninja 跨站脚本漏洞

invoiceninja is an open source invoicing application built with Laravel and Flutter. invoiceninja suffers from a cross-site scripting vulnerability that can be exploited by attackers to execute malicious scripts...

6.5CVSS5.3AI score0.00592EPSS
Exploits1References3
huntr
huntr
added 2021/11/17 5:55 p.m.16 views

Cross-site Scripting (XSS) - Stored in invoiceninja/invoiceninja

Description In recent InvoiceNinja version 9d7145c in /documents it is possible to store svg file with html/js content, which later can be used to phish other users Proof of Concept POST /documents HTTP/1.1 Host: 172.17.0.1:8888 User-Agent: Mozilla/5.0 X11; Linux x8664; rv:95.0 Gecko/20100101...

3.5CVSS5.4AI score0.00592EPSS
Exploits1
openbugbounty
openbugbounty
added 2017/05/31 12:34 a.m.9 views

app.invoiceninja.com Open Redirect vulnerability

Vulnerable URL: https://app.invoiceninja.com/invoicenow?redirectto=//www.openbugbounty.org/ Details: Description| Value ---|--- Patched:| Yes, at 18.09.2017 Latest check for patch:| 18.09.2017 09:55 GMT Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unkno...

6.9AI score
Exploits0
Rows per page
Query Builder