CVE-2017-1000466

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-1000466

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000466.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-1000466

Published

2018-01-03T01:29:00.220Z

Modified

2026-03-14T09:24:48.287535Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting vulnerability, within the invoice creation page, which can result in disruption of service and execution of javascript code.

References

https://github.com/invoiceninja/invoiceninja/issues/1727

Affected packages

Git / github.com/invoiceninja/invoiceninja

Affected ranges

Type

GIT

Repo

https://github.com/invoiceninja/invoiceninja

Events

Introduced

Last affected

15af0fa00e309e215b2df2fcb031d6c7e55dc268

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.8.1"
        }
    ]
}

Affected versions

v1.*

v1.0.2

v1.0.3

v1.1.0

v1.1.1

v1.1.2

v1.2.0

v1.2.1

v1.2.2

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.4.0

v1.5.0

v1.5.1

v1.5.2

v1.6.0

v1.6.1

v1.7.0

v1.7.1

v1.7.2

v2.*

v2.0.0

v2.0.0_RC1

v2.0.1

v2.1.0

v2.1.1

v2.1.2

v2.2.0

v2.2.1

v2.2.2

v2.3.0

v2.3.1

v2.3.2

v2.3.3

v2.3.4

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.4.6

v2.4.7

v2.4.8

v2.4.8.1

v2.4.9

v2.4.9.1

v2.4.9.2

v2.4.9.3

v2.4.9.4

v2.4.9.5

v2.4.9.6

v2.5.0

v2.5.0.1

v2.5.0.2

v2.5.0.3

v2.5.0.4

v2.5.1

v2.5.1.1

v2.5.1.2

v2.5.1.3

v2.5.2

v2.5.2.1

v2.5.2.2

v2.6

v2.6.1

v2.6.10

v2.6.11

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.6.6

v2.6.7

v2.6.8

v2.6.9

v2.7

v2.7.1

v2.7.2

v2.8

v2.8.1

v2.8.2

v2.9.0

v2.9.1

v2.9.2

v2.9.3

v2.9.4

v2.9.5

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.1.0

v3.1.1

v3.1.2

v3.1.3

v3.2.0

v3.2.1

v3.3.0

v3.3.1

v3.3.3

v3.4.0

v3.4.1

v3.4.2

v3.5.0

v3.5.1

v3.6.0

v3.6.1

v3.7.0

v3.7.1

v3.7.2

v3.8.0

v3.8.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000466.json"