Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

InvoicePlane — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting InvoicePlane. AI-powered Chinese analysis, POCs, and references for each vulnerability.

InvoicePlane is an open-source invoicing and billing application designed for small businesses to manage invoices, payments, and client information. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting (XSS), and privilege escalation flaws, with 11 CVEs documented to date. Notable security characteristics include its PHP-based architecture and reliance on MySQL, which have contributed to past authentication bypass issues. While no major public security incidents have been widely reported, the consistent discovery of critical vulnerabilities underscores the importance of regular updates and hardening for production deployments.

Found 11 results / 11Clear Filters
Top products by InvoicePlane: InvoicePlane
CVE IDTitleCVSSSeverityPublished
CVE-2026-26281 InvoicePlane has Stored Cross-Site Scripting (XSS) Issue in Sumex Invoice View — InvoicePlaneCWE-79 4.4 Medium2026-02-18
CVE-2026-26270 InvoicePlane has Stored Cross-Site Scripting Issue in Identifier Formatting — InvoicePlaneCWE-79 5.4 Medium2026-02-18
CVE-2026-25596 InvoicePlane has Stored XSS via Product Unit Name in Invoice Item List — InvoicePlaneCWE-79 4.8 Medium2026-02-18
CVE-2026-25595 InvoicePlane has Stored XSS via Invoice Number in Invoice View and Dashboard — InvoicePlaneCWE-79 4.8 Medium2026-02-18
CVE-2026-25594 InvoicePlane has Stored XSS via Family Name in Product Form — InvoicePlaneCWE-79 4.8 Medium2026-02-18
CVE-2026-25548 InvoicePlane Vulnerable to Remote Code Execution via Local File Inclusion and Log Poisoning — InvoicePlaneCWE-94 9.1 Critical2026-02-18
CVE-2026-24745 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue — InvoicePlaneCWE-79 5.7 Medium2026-02-18
CVE-2026-24744 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue — InvoicePlaneCWE-79 5.7 Medium2026-02-18
CVE-2026-24743 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue — InvoicePlaneCWE-79 5.7 Medium2026-02-18
CVE-2026-24746 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue — InvoicePlaneCWE-79 5.7 Medium2026-02-18
CVE-2026-23491 InvoicePlane has Unauthenticated Path Traversal in Guest Controller — InvoicePlaneCWE-22 7.5 -2026-02-18

This page lists every published CVE security advisory associated with InvoicePlane. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.