Moderate severityNVD Advisory· Published Dec 24, 2021· Updated Aug 3, 2024
Cross-site Scripting (XSS) - Stored in invoiceninja/invoiceninja
CVE-2021-3977
Description
invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
hillelcoren/invoice-ninjaPackagist | < 5.3.35 | 5.3.35 |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-xg6r-5gx4-qxjmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-3977ghsaADVISORY
- github.com/invoiceninja/invoiceninja/commit/1186eaa82375692d01d5ef3369c5b7bc7315b55fghsax_refsource_MISCWEB
- github.com/invoiceninja/invoiceninja/releases/tag/v5.3.35ghsaWEB
- huntr.dev/bounties/99c4ed09-b66f-474a-bd74-eeccf9339fdeghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.