CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

NVD•added 2026/02/18 11:16 p.m.•3 views

CVE-2026-26281

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A stored cross-site scripting XSS vulnerability in the Sumex invoice view allows an authenticated user with client and invoice management privileges to execute arbitrary JavaScript in the browser o...

4.4CVSS0.00013EPSS

Exploits1References2

CVE•added 2026/02/18 11:3 p.m.•9 views

CVE-2026-26281

InvoicePlane has a stored XSS in the Sumex invoice view. An authenticated user with client/invoice management privileges can inject JavaScript that runs in other users’ browsers viewing the invoice, potentially enabling session hijacking and data theft. A fixed version is 1.7.1. Remediate by upgr...

4.4CVSS5.6AI score0.00013EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/02/18 11:3 p.m.•4 views

CVE-2026-26281 InvoicePlane has Stored Cross-Site Scripting (XSS) Issue in Sumex Invoice View

4.4CVSS5.6AI score0.00013EPSS

Exploits1References2

OSV•added 2026/02/18 11:3 p.m.•3 views

CVE-2026-26281 InvoicePlane has Stored Cross-Site Scripting (XSS) Issue in Sumex Invoice View

4.4CVSS5.7AI score0.00013EPSS

Exploits1References4

Cvelist•added 2026/02/18 11:3 p.m.•20 views

CVE-2026-26281 InvoicePlane has Stored Cross-Site Scripting (XSS) Issue in Sumex Invoice View

4.4CVSS0.00013EPSS

Exploits1References2

CNNVD•added 2026/02/18 12:0 a.m.•3 views

InvoicePlane 跨站脚本漏洞

InvoicePlane is an open-source application developed by InvoicePlane. It provides a self-hosted open-source tool for managing your quotes, invoices, customers, and payments. Version 1.7.0 of InvoicePlane contains a cross-site scripting vulnerability. This vulnerability allows authenticated users ...

4.4CVSS5.9AI score0.00013EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by