Vulnerabilities > Invoiceplane > Invoiceplane > 1.5.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-03-21 | CVE-2019-7223 | Cross-site Scripting vulnerability in Invoiceplane InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoice_password parameter, aka the "PDF password" field to the "Create Invoice" option. | 3.5 |
2018-03-05 | CVE-2017-18217 | Cross-site Scripting vulnerability in Invoiceplane An issue was discovered in InvoicePlane before 1.5.5. | 4.3 |
2018-02-09 | CVE-2017-1000508 | Cross-site Scripting vulnerability in Invoiceplane Invoice Plane version 1.5.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Client's details that can result in execution of javascript code . | 4.3 |