14 matches found
CVE-2026-33742
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...
CVE-2026-33742
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...
CVE-2026-33742 Invoice Ninja has Stored XSS via Markdown HTML Injection in Product Notes
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...
CVE-2026-33742 Invoice Ninja has Stored XSS via Markdown HTML Injection in Product Notes
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...
CVE-2026-33742
Invoice Ninja (Laravel-based) v5.13.0 contains a stored XSS flaw in product notes through Markdown rendering, where raw HTML output was not sanitized before being embedded in invoice templates. The issue is explicitly fixed in v5.13.4 by applying purify::clean() to Markdown output. The vulnerabil...
CVE-2026-33742 Invoice Ninja has Stored XSS via Markdown HTML Injection in Product Notes
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...
PT-2026-28521
Name of the Vulnerable Software and Affected Versions: Invoice Ninja versions 5.13.0 through 5.13.3. Description: Invoice Ninja, an invoice, quote, project, and time-tracking application built with Laravel, has an issue where the product notes fields in versions 5.13.0 through 5.13.3 allow raw HTML...
Invoice Ninja Cross-Site Scripting Vulnerability
Invoice Ninja is an open-source application developed by Invoice Ninja, featuring functions for invoices, quotes, projects, and time tracking. Version 5.13.0 of Invoice Ninja contains a cross-site scripting vulnerability. This vulnerability stems from the product notes field allowing raw HTML to ...
EUVD-2025-28159
Malicious code in bioql PyPI...
CVE-2025-48239
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Product Notes Tab & Private Admin Notes for WooCommerce product-notes-for-woocommerce allows Stored XSS. This issue affects Product Notes Tab & Private Admin Notes for WooCommerce: from n/...
CVE-2025-48239
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Product Notes Tab & Private Admin Notes for WooCommerce product-notes-for-woocommerce allows Stored XSS. This issue affects Product Notes Tab & Private Admin Notes for WooCommerce: from n/...
WordPress Woo Admin Product Notes Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Woo Admin Product Notes; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 2c264a5cbee2; Credits: Rafie Muhammad Patchstack...
WordPress Woo Admin Product Notes plugin <= 1.0.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Woo Admin Product Notes plugin versions <= 1.0.0. Solution: No patched version available...
WordPress Woo Admin Product Notes plugin <= 1.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Woo Admin Product Notes plugin versions <= 1.0.0. Solution: No patched version available...