Invoiceplane

Invoiceplane

29 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.4

CVE-2026-26281

Exploit
  • EPSS 0.01%
  • Veröffentlicht 18.02.2026 23:03:08
  • Zuletzt bearbeitet 20.02.2026 17:14:02

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A stored cross-site scripting (XSS) vulnerability in the Sumex invoice view allows an authenticated user with client and invoice management privileges...

5.4

CVE-2026-26270

  • EPSS 0.01%
  • Veröffentlicht 18.02.2026 23:01:41
  • Zuletzt bearbeitet 20.02.2026 17:13:26

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane (latest version) that allows an authenticated user with permissions to manage...

4.8

CVE-2026-25596

Exploit
  • EPSS 0.01%
  • Veröffentlicht 18.02.2026 22:59:44
  • Zuletzt bearbeitet 20.02.2026 17:07:57

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Product Unit Name fields. An authenticated administrator can in...

4.8

CVE-2026-25595

Exploit
  • EPSS 0.01%
  • Veröffentlicht 18.02.2026 22:52:27
  • Zuletzt bearbeitet 20.02.2026 17:07:50

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject...

4.8

CVE-2026-25594

Exploit
  • EPSS 0.01%
  • Veröffentlicht 18.02.2026 22:50:45
  • Zuletzt bearbeitet 20.02.2026 17:07:45

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Family Name field. The `family_name` value is rendered without ...

9.1

CVE-2026-25548

Exploit
  • EPSS 0.38%
  • Veröffentlicht 18.02.2026 22:49:15
  • Zuletzt bearbeitet 20.02.2026 18:45:32

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A critical Remote Code Execution (RCE) vulnerability exists in InvoicePlane 1.7.0 through a chained Local File Inclusion (LFI) and Log Poisoning attac...

7.5

CVE-2026-24745

Exploit
  • EPSS 0.03%
  • Veröffentlicht 18.02.2026 22:47:19
  • Zuletzt bearbeitet 20.02.2026 18:45:21

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the upload Login Logo functions of InvoicePlane version 1.7.0. In the Upload Login Logo, t...

7.5

CVE-2026-24744

Exploit
  • EPSS 0.03%
  • Veröffentlicht 18.02.2026 21:01:27
  • Zuletzt bearbeitet 20.02.2026 18:45:14

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Invoices functions of InvoicePlane version 1.7.0. When editing invoices, the appl...

7.5

CVE-2026-24743

Exploit
  • EPSS 0.03%
  • Veröffentlicht 18.02.2026 20:59:16
  • Zuletzt bearbeitet 20.02.2026 18:39:46

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the upload Invoice Logo functions of InvoicePlane version 1.7.0. The Upload Invoice Logo f...

7.5

CVE-2026-24746

Exploit
  • EPSS 0.01%
  • Veröffentlicht 18.02.2026 20:51:20
  • Zuletzt bearbeitet 20.02.2026 18:33:43

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Quotes functions of InvoicePlane version 1.7.0. In the Editing Quotes function, t...