CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25594

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Family Name field. The `family_name` value is rendered without HTML encoding inside the family dropdown on the product form. When an administrator creates a family with a malicious name, the payload executes in the browser of any administrator who visits the product form. Version 1.7.1 patches the issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 0.8%

CVSS Severity

CVSS v3 Score 4.8

References

Products affected by CVE-2026-25594

Invoiceplane » Invoiceplane » Version: 0.9

cpe:2.3:a:invoiceplane:invoiceplane:0.9
Invoiceplane » Invoiceplane » Version: 1.0.0

cpe:2.3:a:invoiceplane:invoiceplane:1.0.0
Invoiceplane » Invoiceplane » Version: 1.0.1

cpe:2.3:a:invoiceplane:invoiceplane:1.0.1
Invoiceplane » Invoiceplane » Version: 1.0.2

cpe:2.3:a:invoiceplane:invoiceplane:1.0.2
Invoiceplane » Invoiceplane » Version: 1.1.0

cpe:2.3:a:invoiceplane:invoiceplane:1.1.0
Invoiceplane » Invoiceplane » Version: 1.1.1

cpe:2.3:a:invoiceplane:invoiceplane:1.1.1
Invoiceplane » Invoiceplane » Version: 1.1.2

cpe:2.3:a:invoiceplane:invoiceplane:1.1.2
Invoiceplane » Invoiceplane » Version: 1.2.0

cpe:2.3:a:invoiceplane:invoiceplane:1.2.0
Invoiceplane » Invoiceplane » Version: 1.2.1

cpe:2.3:a:invoiceplane:invoiceplane:1.2.1
Invoiceplane » Invoiceplane » Version: 1.3.0

cpe:2.3:a:invoiceplane:invoiceplane:1.3.0
Invoiceplane » Invoiceplane » Version: 1.3.1

cpe:2.3:a:invoiceplane:invoiceplane:1.3.1
Invoiceplane » Invoiceplane » Version: 1.3.2

cpe:2.3:a:invoiceplane:invoiceplane:1.3.2
Invoiceplane » Invoiceplane » Version: 1.3.3

cpe:2.3:a:invoiceplane:invoiceplane:1.3.3
Invoiceplane » Invoiceplane » Version: 1.4.0

cpe:2.3:a:invoiceplane:invoiceplane:1.4.0
Invoiceplane » Invoiceplane » Version: 1.4.1

cpe:2.3:a:invoiceplane:invoiceplane:1.4.1
Invoiceplane » Invoiceplane » Version: 1.4.10

cpe:2.3:a:invoiceplane:invoiceplane:1.4.10
Invoiceplane » Invoiceplane » Version: 1.4.2

cpe:2.3:a:invoiceplane:invoiceplane:1.4.2
Invoiceplane » Invoiceplane » Version: 1.4.3

cpe:2.3:a:invoiceplane:invoiceplane:1.4.3
Invoiceplane » Invoiceplane » Version: 1.4.4

cpe:2.3:a:invoiceplane:invoiceplane:1.4.4
Invoiceplane » Invoiceplane » Version: 1.4.5

cpe:2.3:a:invoiceplane:invoiceplane:1.4.5
Invoiceplane » Invoiceplane » Version: 1.4.6

cpe:2.3:a:invoiceplane:invoiceplane:1.4.6
Invoiceplane » Invoiceplane » Version: 1.4.7

cpe:2.3:a:invoiceplane:invoiceplane:1.4.7
Invoiceplane » Invoiceplane » Version: 1.4.8

cpe:2.3:a:invoiceplane:invoiceplane:1.4.8
Invoiceplane » Invoiceplane » Version: 1.4.9

cpe:2.3:a:invoiceplane:invoiceplane:1.4.9
Invoiceplane » Invoiceplane » Version: 1.5.0

cpe:2.3:a:invoiceplane:invoiceplane:1.5.0
Invoiceplane » Invoiceplane » Version: 1.5.1

cpe:2.3:a:invoiceplane:invoiceplane:1.5.1
Invoiceplane » Invoiceplane » Version: 1.5.10

cpe:2.3:a:invoiceplane:invoiceplane:1.5.10
Invoiceplane » Invoiceplane » Version: 1.5.11

cpe:2.3:a:invoiceplane:invoiceplane:1.5.11
Invoiceplane » Invoiceplane » Version: 1.5.2

cpe:2.3:a:invoiceplane:invoiceplane:1.5.2
Invoiceplane » Invoiceplane » Version: 1.5.3

cpe:2.3:a:invoiceplane:invoiceplane:1.5.3
Invoiceplane » Invoiceplane » Version: 1.5.4

cpe:2.3:a:invoiceplane:invoiceplane:1.5.4
Invoiceplane » Invoiceplane » Version: 1.5.5

cpe:2.3:a:invoiceplane:invoiceplane:1.5.5
Invoiceplane » Invoiceplane » Version: 1.5.6

cpe:2.3:a:invoiceplane:invoiceplane:1.5.6
Invoiceplane » Invoiceplane » Version: 1.5.7

cpe:2.3:a:invoiceplane:invoiceplane:1.5.7
Invoiceplane » Invoiceplane » Version: 1.5.8

cpe:2.3:a:invoiceplane:invoiceplane:1.5.8
Invoiceplane » Invoiceplane » Version: 1.5.9

cpe:2.3:a:invoiceplane:invoiceplane:1.5.9
Invoiceplane » Invoiceplane » Version: 1.6.0

cpe:2.3:a:invoiceplane:invoiceplane:1.6.0
Invoiceplane » Invoiceplane » Version: 1.6.1

cpe:2.3:a:invoiceplane:invoiceplane:1.6.1
Invoiceplane » Invoiceplane » Version: 1.6.2

cpe:2.3:a:invoiceplane:invoiceplane:1.6.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25594

Products

Pricing

Contact Us