High severity8.8NVD Advisory· Published Nov 17, 2017· Updated Jun 17, 2026
CVE-2017-1000238
CVE-2017-1000238
Description
InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:invoiceplane:invoiceplane:1.4.10:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:invoiceplane:invoiceplane:1.4.10:*:*:*:*:*:*:*
- (no CPE)range: 1.4.10
Patches
Vulnerability mechanics
References
1- www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170523-0_InvoicePlane_Upload_arbitrary_files_stored_XSS_v10.txtnvdExploitIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.