Exploit for Cross-site Scripting in Invoiceplane

CVE-2026-25596 — Stored XSS via Product Unit Name in InvoicePl...

CVE-2026-25596

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane 1.7.0 via the Product Unit Name fields. An authenticated administrator can inject malicious JavaScript that executes when any...

CVE-2026-25596

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane 1.7.0 via the Product Unit Name fields. An authenticated administrator can inject malicious JavaScript that executes when any...

CVE-2026-25596 InvoicePlane has Stored XSS via Product Unit Name in Invoice Item List

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane 1.7.0 via the Product Unit Name fields. An authenticated administrator can inject malicious JavaScript that executes when any...

CVE-2026-25596

InvoicePlane 1.7.0 is affected by a Stored XSS vulnerability in the Product Unit Name fields. An authenticated administrator can inject malicious JavaScript that executes when any administrator views an invoice containing a product with the malicious unit. The issue is mitigated in version 1.7.1 ...

CVE-2026-25596 InvoicePlane has Stored XSS via Product Unit Name in Invoice Item List

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane 1.7.0 via the Product Unit Name fields. An authenticated administrator can inject malicious JavaScript that executes when any...

CVE-2026-25596 InvoicePlane has Stored XSS via Product Unit Name in Invoice Item List

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane 1.7.0 via the Product Unit Name fields. An authenticated administrator can inject malicious JavaScript that executes when any...

InvoicePlane 跨站脚本漏洞

InvoicePlane is an open-source application developed by InvoicePlane. It provides a self-hosted open-source tool for managing your quotes, invoices, customers, and payments. Version 1.7.0 of InvoicePlane contains a cross-site scripting vulnerability, which stems from improper handling of the...

PT-2026-20552

Name of the Vulnerable Software and Affected Versions InvoicePlane version 1.7.0 InvoicePlane versions prior to 1.7.1 Description A Stored Cross-Site Scripting XSS issue exists in InvoicePlane. An authenticated administrator can inject malicious JavaScript through the Product Unit Name fields. Th...

EUVD-2022-53185

Malicious code in bioql PyPI...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an improperly set maximum unit name length...

CVE-2024-2997

A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Category Name/Model Name/Brand Name/Unit Name leads to cross site scripting...

CVE-2023-48682

Stored cross-site scripting XSS vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 37391...

Cross site scripting

Stored cross-site scripting XSS vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 37391...

CVE-2023-48682

Stored cross-site scripting XSS vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 37391...

PT-2024-13623 · Acronis · Acronis Cyber Protect 16

Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect 16 versions prior to build 37391 Description: A stored cross-site scripting XSS vulnerability exists in the unit name, allowing for potential exploitation. The estimated number of potentially affected devices worldwide i...

SUSE CVE-2021-33910

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value involving strdupa and alloca for a pathname controlled by a local attacker that results in an operating system crash...

SUSE: Security Advisory (SUSE-SU-2021:3611-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

basic/unit-name.c in systemd prior to 246.15 247.8 248.5 and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

...

systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash

A flaw was found in systemd. The use of alloca function with an uncontrolled size in function unitnamepathescape allows a local attacker, able to mount a filesystem on a very long path, to crash systemd and the whole system by allocating a very large space in the stack. The highest threat from th...