2 matches found
CVE-2026-25596
InvoicePlane 1.7.0 is affected by a Stored XSS vulnerability in the Product Unit Name fields. An authenticated administrator can inject malicious JavaScript that executes when any administrator views an invoice containing a product with the malicious unit. The issue is mitigated in version 1.7.1 ...
PT-2024-13623 · Acronis · Acronis Cyber Protect 16
Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect 16 versions prior to build 37391 Description: A stored cross-site scripting XSS vulnerability exists in the unit name, allowing for potential exploitation. The estimated number of potentially affected devices worldwide i...