CVE-2026-25595 | InvoicePlane up to 1.7.0 Invoice Number cross site scripting (GHSA-xxvr-2564-6jg6)

A vulnerability, which was classified as problematic, was found in InvoicePlane up to 1.7.0. The affected element is an unknown function. Executing a manipulation of the argument Invoice Number can lead to cross site scripting.

This vulnerability is handled as CVE-2026-25595. The attack can be executed remotely. There is not any exploit available.

It is best practice to apply a patch to resolve this issue.VulDB Recent EntriesRead More