CVE-2026-25596 | InvoicePlane up to 1.7.0 Product Unit Name cross site scripting (GHSA-3wjq-822q-98f4)

A vulnerability has been found in InvoicePlane up to 1.7.0 and classified as problematic. The impacted element is an unknown function. The manipulation of the argument Product Unit Name leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2026-25596. The attack is possible to be carried out remotely. No exploit exists.

It is recommended to apply a patch to fix this issue.VulDB Recent EntriesRead More