Vulnerabilities > Invoiceplane > Invoiceplane > 1.5.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-03-21 | CVE-2019-7223 | Cross-site Scripting vulnerability in Invoiceplane InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoice_password parameter, aka the "PDF password" field to the "Create Invoice" option. | 3.5 |