Stored Cross-Site Scripting Vulnerability in Invoice Ninja by Invoice Ninja
CVE-2017-1000466

5.4MEDIUM

Key Information:

Vendor
CVE Published:
3 January 2018

What is CVE-2017-1000466?

The Invoice Ninja application, specifically version 3.8.1, is susceptible to a stored cross-site scripting vulnerability. This flaw resides in the invoice creation page, which, if exploited, could allow an attacker to inject and execute malicious JavaScript code. This vulnerability poses a significant risk of service disruption and can potentially lead to unauthorized actions within the affected application.

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.