Browse all 3 CVE security advisories affecting invoiceninja. AI-powered Chinese analysis, POCs, and references for each vulnerability.
InvoiceNinja is an open-source invoicing platform for freelancers and small businesses to manage billing and payments. All three CVEs recorded against it are stored cross-site scripting (CWE-79) in user-supplied text that the application persists and later renders as HTML: the two 2026 advisories (both CVSS 5.4, Medium) concern product notes rendered from Markdown with HTML injection and invoice line items that bypass an HTML denylist, and the 2021 advisory (CVSS 6.1) records a stored XSS in the invoiceninja/invoiceninja repository. No major public incident involving the product has been widely documented. The pattern is the usual one for stored XSS: free-text fields such as notes and line items are written once and rendered to every user who views the record, so filtering that relies on a denylist of tags or strings can be sidestepped by any construct the list does not name. The relevant mitigations are escaping by default, sanitizing rendered output against an allowlist of tags and attributes, and keeping the installation on a patched release.
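As an added illustration of the CWE-79 class that all three advisories share, the block below places a denylist sanitizer beside an allowlist one and shows a constructed event-handler payload passing the first and being dropped by the second. This is generic example code, not Invoice Ninja's implementation and not the payloads from the CVEs (the page gives none); every function name, tag list and sample input is an assumption made for the example.

```javascript
// Generic illustration of denylist vs allowlist HTML sanitisation for stored
// free-text fields (notes, line items). Not Invoice Ninja code; the sample
// inputs below are constructed for this example, not taken from any CVE.

// Weak approach: strip a few known-dangerous constructs and keep everything else.
// Anything the list does not name (event-handler attributes, other tags) survives.
function denylistSanitize(html) {
  return html
    .replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, '')
    .replace(/javascript:/gi, '');
}

// Allowlist approach: only these tags survive; the only attribute kept is href
// on <a>, and only with an http(s) or mailto scheme. Unknown tags are dropped
// whole (attributes included) and text is HTML-escaped.
const ALLOWED_TAGS = new Set(['b', 'i', 'em', 'strong', 'p', 'br', 'ul', 'ol', 'li', 'a']);
const SAFE_HREF = /^(https?:|mailto:)/i;

function escapeText(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

function allowlistSanitize(html) {
  // Tokenise into tag tokens, text runs and stray '<' characters.
  const tokenRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>|([^<]+)|(<)/g;
  let out = '';
  let m;
  while ((m = tokenRe.exec(html)) !== null) {
    const [, slash, tag, attrs, text, lone] = m;
    if (text !== undefined) { out += escapeText(text); continue; }
    if (lone !== undefined) { out += '&lt;'; continue; }      // '<' not starting a tag
    const name = tag.toLowerCase();
    if (!ALLOWED_TAGS.has(name)) continue;                    // unknown tag: dropped whole
    if (slash) { out += `</${name}>`; continue; }
    if (name === 'a') {
      const href = /\bhref\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
      const url = href ? (href[1] ?? href[2] ?? href[3]).trim() : '';
      out += SAFE_HREF.test(url) ? `<a href="${escapeText(url)}">` : '<a>';
      continue;
    }
    out += `<${name}>`;                                        // all other attributes discarded
  }
  return out;
}

// Constructed samples: a payload the denylist never names, and benign markup
// with one unsafe link that should lose its href but keep its text.
const SAMPLES = {
  eventHandler: '<img src=x onerror=alert(1)>',
  mixed: '<b>Widget</b> 2 < 3 <a href="javascript:alert(1)">x</a>',
  safeLink: '<a href="https://example.com/?q=1&r=2" onclick="x()">site</a>',
};

function compare(input) {
  return { denylist: denylistSanitize(input), allowlist: allowlistSanitize(input) };
}

for (const [label, input] of Object.entries(SAMPLES)) {
  console.log(label, compare(input));
}
```

The point for triage is in the first sample: the denylist returns the `onerror` payload untouched because nothing in it is named, while the allowlist decides per token and drops the unknown tag with all of its attributes. For fields rendered from Markdown, run the sanitizer on the HTML the renderer emits rather than on the Markdown source, since inline HTML passes through most Markdown renderers unchanged.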
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-33742 | Invoice Ninja has Stored XSS via Markdown HTML Injection in Product Notes | invoiceninja | CWE-79 | 5.4 | Medium | 2026-03-26 |
| CVE-2026-33628 | Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items | invoiceninja | CWE-79 | 5.4 | Medium | 2026-03-26 |
| CVE-2021-3977 | Cross-site Scripting (XSS) - Stored in invoiceninja/invoiceninja | invoiceninja/invoiceninja | CWE-79 | 6.1 | Medium | 2021-12-24 |
This page lists every published CVE security advisory associated with invoiceninja. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.