25 matches found
Exploit for Cross-site Scripting in Invoiceplane
CVE-2026-25596 — Stored XSS via Product Unit Name in InvoicePl...
CVE-2026-25596
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Product Unit Name fields. An authenticated administrator can inject malicious JavaScript that executes when any...
CVE-2026-25596
InvoicePlane 1.7.0 is affected by a Stored XSS vulnerability in the Product Unit Name fields. An authenticated administrator can inject malicious JavaScript that executes when any administrator views an invoice containing a product with the malicious unit. The issue is mitigated in version 1.7.1 ...
CVE-2026-25596 InvoicePlane has Stored XSS via Product Unit Name in Invoice Item List
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Product Unit Name fields. An authenticated administrator can inject malicious JavaScript that executes when any...
PT-2026-20552
Name of the Vulnerable Software and Affected Versions: InvoicePlane version 1.7.0; InvoicePlane versions prior to 1.7.1. Description: A Stored Cross-Site Scripting (XSS) issue exists in InvoicePlane. An authenticated administrator can inject malicious JavaScript through the Product Unit Name fields. Th...
InvoicePlane cross-site scripting vulnerability
InvoicePlane is an open-source application developed by InvoicePlane. It provides a self-hosted open-source tool for managing your quotes, invoices, customers, and payments. Version 1.7.0 of InvoicePlane contains a cross-site scripting vulnerability, which stems from improper handling of the...
EUVD-2022-53185
Malicious code in bioql PyPI...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an improperly set maximum unit name length...
CVE-2024-2997
A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Category Name/Model Name/Brand Name/Unit Name leads to cross site scripting...
CVE-2023-48682
Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391...
Cross site scripting
Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391...
PT-2024-13623 · Acronis · Acronis Cyber Protect 16
Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect 16 versions prior to build 37391. Description: A stored cross-site scripting (XSS) vulnerability exists in the unit name, allowing for potential exploitation. The estimated number of potentially affected devices worldwide i...
SUSE CVE-2021-33910
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value involving strdupa and alloca for a pathname controlled by a local attacker that results in an operating system crash...
SUSE: Security Advisory (SUSE-SU-2021:3611-1)
The remote host is missing an update for the...
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
...
systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash
A flaw was found in systemd. The use of the alloca function with an uncontrolled size in function unit_name_path_escape allows a local attacker, able to mount a filesystem on a very long path, to crash systemd and the whole system by allocating a very large space in the stack. The highest threat from th...