Stored XSS Vulnerability in InvoicePlane by InvoicePlane
CVE-2019-7223

5.4MEDIUM

Key Information:

Vendor: Invoiceplane
Status: Invoiceplane
Vendor: CVE Published:; 21 March 2019

🔔 Create Invoiceplane Vulnerability Alert

What is CVE-2019-7223?

InvoicePlane version 1.5 is susceptible to a stored XSS vulnerability that can be exploited through the invoice_password parameter in the Create Invoice feature. An attacker can inject malicious scripts, which are later executed when users view the invoice via the affected URI. Proper input validation and sanitization measures should be implemented to mitigate this security risk.

References

https://cxsecurity.com/issue/WLB-2019020191

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 21, 2019
Vulnerability Reserved
Jan 30, 2019