invoiceplane
Enterprise Softwarecommercial
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting invoiceplane.
- CVE-2026-26281InvoicePlane has Stored Cross-Site Scripting (XSS) Issue in Sumex Invoice View4.4
- CVE-2026-26270InvoicePlane has Stored Cross-Site Scripting Issue in Identifier Formatting5.4
- CVE-2026-25596InvoicePlane has Stored XSS via Product Unit Name in Invoice Item List4.8
- CVE-2026-25595InvoicePlane has Stored XSS via Invoice Number in Invoice View and Dashboard4.8
- CVE-2026-25594InvoicePlane has Stored XSS via Family Name in Product Form4.8
- CVE-2026-25548InvoicePlane Vulnerable to Remote Code Execution via Local File Inclusion and Log Poisoning9.1
- CVE-2026-24745InvoicePlane has a Stored Cross-Site Scripting (XSS) issue5.7
- CVE-2026-24744InvoicePlane has a Stored Cross-Site Scripting (XSS) issue5.7
- CVE-2026-24743InvoicePlane has a Stored Cross-Site Scripting (XSS) issue5.7
- CVE-2026-24746InvoicePlane has a Stored Cross-Site Scripting (XSS) issue5.7
- CVE-2026-23491InvoicePlane has Unauthenticated Path Traversal in Guest Controller7.5
- CVE-2025-67084File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code E...9.9
- CVE-2025-67083Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server...5.3
- CVE-2025-67082An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this i...6.5
- CVE-2025-64012InvoicePlane commit debb446c is vulnerable to Incorrect Access Control. The invoices/view handler fails to verify ownership before returning invoice data.4.3