Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/03/31 8:16 p.m.27 views

CVE-2026-34367 InvoiceShelf: SSRF in Invoice PDF Rendering via Unsanitised HTML in Notes Field

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Invoice PDF generation module. User-supplied HTML in the invoice Notes field i...

7.6CVSS0.00261EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/31 8:16 p.m.3 views

CVE-2026-34367 InvoiceShelf: SSRF in Invoice PDF Rendering via Unsanitised HTML in Notes Field

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Invoice PDF generation module. User-supplied HTML in the invoice Notes field i...

7.6CVSS5.8AI score0.00261EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/31 7:44 p.m.2 views

CVE-2026-34365 InvoiceShelf: SSRF in Estimate PDF Rendering via Unsanitised HTML in Notes Field

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Estimate PDF generation module. User-supplied HTML in the estimate Notes field...

7.6CVSS5.8AI score0.00245EPSS
Exploits1References2
Snyk
Snyk
added 2020/11/16 11:44 a.m.3 views

Cross-site Scripting (XSS)

Overview markdown-it-prism is a The plugin will insert the necessary markup into all code blocks. Include one of Prism’s stylesheets in your HTML to get highlighted code. Affected versions of this package are vulnerable to Cross-site Scripting XSS. It is possible to insert malicious JavaScript as...

6.5CVSS5.3AI score
Exploits0References2
Rows per page
Query Builder