Vulnerabilities > Invoiceninja
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-24 | CVE-2021-3977 | Unspecified vulnerability in Invoiceninja Invoice Ninja invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 5.4 |
2021-06-06 | CVE-2021-33898 | Deserialization of Untrusted Data vulnerability in Invoiceninja Invoice Ninja In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories/AccountRepository.php that may allow an attacker to deserialize arbitrary PHP classes. | 8.1 |
2018-01-03 | CVE-2017-1000466 | Cross-site Scripting vulnerability in Invoiceninja Invoice Ninja 3.8.1 Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting vulnerability, within the invoice creation page, which can result in disruption of service and execution of javascript code. | 5.4 |