CVE-2026-25594 | InvoicePlane up to 1.7.0 Family Name Field family_name cross site scripting (GHSA-wrr7-2f27-8h94)

A vulnerability classified as problematic was found in InvoicePlane up to 1.7.0. This issue affects some unknown processing of the component Family Name Field. Such manipulation of the argument family_name leads to cross site scripting.

This vulnerability is traded as CVE-2026-25594. The attack may be launched remotely. There is no exploit available.

It is advisable to implement a patch to correct this issue.VulDB Recent EntriesRead More