CVE-2026-33742 | Invoice Ninja up to 5.13.3 Markdown Parser purify::clean cross site scripting (GHSA-xph7-9749-56mh)

A vulnerability described as problematic has been identified in Invoice Ninja up to 5.13.3. Affected by this issue is the function purify::clean of the component Markdown Parser. Such manipulation leads to cross site scripting.

This vulnerability is referenced as CVE-2026-33742. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More