CVE-2026-33628 Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The...

CVE-2026-33628 Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The...

GHSA-98WM-CXPW-847P Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items

Vulnerability Details Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The line item description field was not passed through purify::clean before...

PT-2026-27631

Name of the Vulnerable Software and Affected Versions Invoice Ninja versions 5.13.0 through 5.13.3 Description Invoice Ninja allows for the execution of stored cross-site scripting XSS payloads through invoice line item descriptions in versions 5.13.0 through 5.13.3. The line item description fie...

GHSA-7J9P-67MM-5G87 LTI 1.3 Grade Pass Back Implementation has Missing Authorization Vulnerability

Problem TL;DR: Any LTI tool that is integrated with on the Open edX platform can post a grade back for any LTI XBlock so long as it knows or can guess the block location for that XBlock. In LTI 1.3, LTI tools can "pass back" scores that learners earn while using LTI tools to the edX platform. The...

CVE-2023-23611

LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with on the Open edX platform can post a grade back...

CVE-2023-23611 xblock-lti-consumer contain Missing Authorization in Grade Pass Back Implementation

LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with on the Open edX platform can post a grade back...

WHMCS 4.x (invoicefunctions.php, id param) - SQL Injection Vulnerability

No description provided by source. Title: WHMCS 4.x SQL Injection Vulnerability Google Dork: intext:Powered by WHMCompleteSolution OR inurl:submitticket.php?? Author: Ahmed Aboul-Ela Contact: Ahmed.Aboul3laatgmaildotcom Date: 14/5/2013 Vendor: http://www.whmcs.com Version: 4.5.2 and perior versio...