CVE-2026-24746 | InvoicePlane 1.7.0 quote_number cross site scripting (GHSA-73×8-gr6v-vjvj)

A vulnerability identified as problematic has been detected in InvoicePlane 1.7.0. Affected is an unknown function. Performing a manipulation of the argument quote_number results in cross site scripting.

This vulnerability is cataloged as CVE-2026-24746. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to apply a patch to fix this issue.VulDB Recent EntriesRead More