CVE-2021-3977
- Source
- https://cve.org/CVERecord?id=CVE-2021-3977
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3977.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-3977
- Aliases
- Published
- 2021-12-24T20:15:08.137Z
- Modified
- 2026-02-15T00:34:58.778875Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- References
-
- https://github.com/invoiceninja/invoiceninja/commit/1186eaa82375692d01d5ef3369c5b7bc7315b55f
- https://huntr.dev/bounties/99c4ed09-b66f-474a-bd74-eeccf9339fde
- https://huntr.dev/bounties/99c4ed09-b66f-474a-bd74-eeccf9339fde
- https://github.com/invoiceninja/invoiceninja/commit/1186eaa82375692d01d5ef3369c5b7bc7315b55f
- https://huntr.dev/bounties/99c4ed09-b66f-474a-bd74-eeccf9339fde
- https://huntr.dev/bounties/99c4ed09-b66f-474a-bd74-eeccf9339fde
Affected packages
Git / github.com/invoiceninja/invoiceninja
Affected ranges
- Type
- GIT
- Repo
- https://github.com/invoiceninja/invoiceninja
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixed
Affected versions
v4.*
v4.5.19
v4.5.20
v4.5.21
v4.5.22
v4.5.23
v4.5.24
v4.5.25
v4.5.26
v4.5.27
v4.5.28
v4.5.29
v4.5.30
v4.5.31
v4.5.32
v4.5.33
v4.5.34
v4.5.35
v4.5.36
v4.5.37
v4.5.38
v4.5.39
v4.5.40
v4.5.41
v4.5.42
v4.5.43
v4.5.44
v4.5.45
v4.5.46
v5.*
v5.0-release
v5.0.1-release
v5.0.10-release
v5.0.11
v5.0.2-release
v5.0.27-r1
v5.0.28
v5.0.3-release
v5.0.32
v5.0.4-release
v5.0.5-release
v5.0.6-release
v5.0.7-release
v5.0.8-release
v5.0.9-release
v5.1.72
v5.3.19