Vulnerabilities > Invoiceninja > Invoice Ninja > 2.3.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-24 | CVE-2021-3977 | Cross-site Scripting vulnerability in Invoiceninja Invoice Ninja invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 3.5 |
| 2021-06-06 | CVE-2021-33898 | Deserialization of Untrusted Data vulnerability in Invoiceninja Invoice Ninja In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories/AccountRepository.php that may allow an attacker to deserialize arbitrary PHP classes. | 6.8 |