4 matches found
CVE-2026-24746
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Quotes functions of InvoicePlane version 1.7.0. In the Editing Quotes function, the application does not validate user input at th...
CVE-2026-24746 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Quotes functions of InvoicePlane version 1.7.0. In the Editing Quotes function, the application does not validate user input at th...
CVE-2026-24746
InvoicePlane 1.7.0 contains a Stored Cross‑Site Scripting (XSS) flaw in the Edit Quotes workflow (quote_number input) that is exploitable with administrator privileges. The issue can lead to unauthorized data modification and persistence of malicious scripts, potentially compromising application ...
InvoicePlane Security Vulnerability
InvoicePlane is an open-source application developed by InvoicePlane. It provides a self-hosted open-source tool for managing quotes, invoices, customers, and payments. Version 1.7.0 of InvoicePlane contains a security vulnerability. This vulnerability stems from the lack of validation for user...