Medium severity6.1OSV Advisory· Published Mar 5, 2018· Updated Jun 17, 2026
CVE-2017-18217
CVE-2017-18217
Description
An issue was discovered in InvoicePlane before 1.5.5. It was observed that the Email address and Web address parameters are vulnerable to Cross Site Scripting, related to application/modules/clients/views/view.php, application/modules/invoices/views/view.php, and application/modules/quotes/views/view.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
20.9beta, v1.0.0, v1.0.1, …+ 1 more
- (no CPE)range: 0.9beta, v1.0.0, v1.0.1, …
- (no CPE)range: <1.5.5
Patches
Vulnerability mechanics
References
3- github.com/InvoicePlane/InvoicePlane/pull/542nvdPatchThird Party Advisory
- github.com/InvoicePlane/InvoicePlane/pull/551nvdPatchThird Party Advisory
- blog.isecurion.com/2018/04/23/invoice-plane-v1-5-cross-site-scripting-vulnerability/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.