Vulnerabilities > Invoiceninja

DATE CVE VULNERABILITY TITLE RISK
2021-12-24 CVE-2021-3977 Unspecified vulnerability in Invoiceninja Invoice Ninja
invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
network
low complexity
invoiceninja
5.4
2021-06-06 CVE-2021-33898 Deserialization of Untrusted Data vulnerability in Invoiceninja Invoice Ninja
In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories/AccountRepository.php that may allow an attacker to deserialize arbitrary PHP classes.
network
high complexity
invoiceninja CWE-502
8.1
2018-01-03 CVE-2017-1000466 Cross-site Scripting vulnerability in Invoiceninja Invoice Ninja 3.8.1
Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting vulnerability, within the invoice creation page, which can result in disruption of service and execution of javascript code.
network
low complexity
invoiceninja CWE-79
5.4