Medium severity5.4NVD Advisory· Published Nov 17, 2017· Updated Jun 17, 2026
CVE-2017-1000239
CVE-2017-1000239
Description
InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scripting resulting in allowing an authenticated user to inject malicious client side script which will be executed in the browser of users if they visit the manipulated site.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:invoiceplane:invoiceplane:1.4.10:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:invoiceplane:invoiceplane:1.4.10:*:*:*:*:*:*:*
- (no CPE)range: =1.4.10
Patches
Vulnerability mechanics
References
1- www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170523-0_InvoicePlane_Upload_arbitrary_files_stored_XSS_v10.txtnvdExploitIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.