CVE-2017-1000239

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-1000239

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000239.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-1000239

Published

2017-11-17T03:29:00.457Z

Modified

2025-11-14T04:55:16.549520Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scripting resulting in allowing an authenticated user to inject malicious client side script which will be executed in the browser of users if they visit the manipulated site.

References

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170523-0_InvoicePlane_Upload_arbitrary_files_stored_XSS_v10.txt

Affected packages

Git / github.com/invoiceplane/invoiceplane

Affected ranges

Type: GIT
Repo: https://github.com/invoiceplane/invoiceplane
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

8051e44a2de154cb32a1ad5879d0ddaf4a5fdf81

Affected versions

0.*

0.9beta

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.1.0

v1.1.1

v1.1.2

v1.2.0

v1.2.1

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.4.0

v1.4.1

v1.4.10

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.4.6

v1.4.7

v1.4.8

v1.4.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000239.json"