CVE-2026-24744 | InvoicePlane 1.7.0 invoice_number cross site scripting (GHSA-5mxx-553h-m62w)

A vulnerability marked as problematic has been reported in InvoicePlane 1.7.0. Affected by this issue is some unknown functionality. The manipulation of the argument invoice_number leads to cross site scripting.

This vulnerability is documented as CVE-2026-24744. The attack can be initiated remotely. There is not any exploit available.

It is suggested to install a patch to address this issue.VulDB Recent EntriesRead More