Vulnerabilities > Invoiceplane > Invoiceplane > 1.4.10
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-05 | CVE-2017-18217 | Cross-site Scripting vulnerability in Invoiceplane An issue was discovered in InvoicePlane before 1.5.5. | 4.3 |
2018-02-09 | CVE-2017-1000508 | Cross-site Scripting vulnerability in Invoiceplane Invoice Plane version 1.5.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Client's details that can result in execution of javascript code . | 4.3 |
2017-11-17 | CVE-2017-1000239 | Cross-site Scripting vulnerability in Invoiceplane 1.4.10 InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scripting resulting in allowing an authenticated user to inject malicious client side script which will be executed in the browser of users if they visit the manipulated site. | 3.5 |
2017-11-17 | CVE-2017-1000238 | Unrestricted Upload of File with Dangerous Type vulnerability in Invoiceplane 1.4.10 InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. | 6.5 |