Vulnerabilities > Invoiceninja > Invoice Ninja > 2.3.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-24 | CVE-2021-3977 | Unspecified vulnerability in Invoiceninja Invoice Ninja invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 5.4 |
| 2021-06-06 | CVE-2021-33898 | Deserialization of Untrusted Data vulnerability in Invoiceninja Invoice Ninja In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories/AccountRepository.php that may allow an attacker to deserialize arbitrary PHP classes. | 8.1 |