VYPR

Solidinvoice

by Solidinvoice

Source repositories

CVEs (9)

  • CVE-2026-46622HigJun 11, 2026
    risk 0.46cvss 8.1epss 0.00

    SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the api_tokens database table. Any attacker who obtains read access to the database — through SQL injection, a…

  • CVE-2026-46489HigJun 11, 2026
    risk 0.46cvss 8.1epss 0.00

    SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG file containing embedded JavaScript. This script is base64-encoded and injected…

  • CVE-2025-9171LowAug 19, 2025
    risk 0.23cvss 3.5epss 0.00

    A security flaw has been discovered in SolidInvoice up to 2.4.0. The impacted element is an unknown function of the file /clients of the component Clients Module. Performing manipulation of the argument Name results in cross site scripting. The attack is possible to be carried…

  • CVE-2025-9170LowAug 19, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was identified in SolidInvoice up to 2.4.0. The affected element is an unknown function of the file /tax/rates of the component Tax Rates Module. Such manipulation of the argument Name leads to cross site scripting. The attack can be executed remotely. The…

  • CVE-2025-9169LowAug 19, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was determined in SolidInvoice up to 2.4.0. Impacted is an unknown function of the file /quotes of the component Quote Module. This manipulation of the argument Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been…

  • CVE-2025-9168LowAug 19, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in SolidInvoice up to 2.4.0. This issue affects some unknown processing of the file /invoice of the component Invoice Creation Module. The manipulation of the argument Client Name results in cross site scripting. The attack may be launched remotely. The…

  • CVE-2025-9167LowAug 19, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability has been found in SolidInvoice up to 2.4.0. This vulnerability affects unknown code of the file /invoice/recurring of the component Recurring Invoice Module. The manipulation of the argument client name leads to cross site scripting. The attack may be initiated…

  • CVE-2025-55580Aug 29, 2025
    risk 0.00cvss epss 0.00

    SolidInvoice version 2.3.7 is vulnerable to a stored cross-site scripting (XSS) issue in the Clients module. An authenticated attacker can inject JavaScript that executes in other users' browsers when the Clients page is viewed. The vulnerability is fixed in version 2.3.8.

  • CVE-2025-55579Aug 29, 2025
    risk 0.00cvss epss 0.00

    SolidInvoice version 2.3.7 is vulnerable to a Stored Cross-Site Scripting (XSS) issue in the Tax Rates functionality. The vulnerability is fixed in version 2.3.8.