CVE-2026-24743
InvoicePlane 1.7.0 is affected by a stored XSS in the Upload Invoice Logo SVG handling. The vulnerability can enable attacker-controlled script execution via uploaded logos, potentially leading to unauthorized data modification, persistence (backdoors), and compromise of application integrity. Re...