Skip to main content

Invoice Ninja

2 CVEs product

Monthly

CVE-2021-3977 PHP MEDIUM POC PATCH This Month

invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Invoice Ninja
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-33898 HIGH PATCH This Week

In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories/AccountRepository.php that may allow an attacker to deserialize arbitrary PHP classes. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE PHP Invoice Ninja
NVD GitHub
CVSS 3.1
8.1
EPSS
1.8%
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Invoice Ninja
NVD GitHub
EPSS 2% CVSS 8.1
HIGH PATCH This Week

In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories/AccountRepository.php that may allow an attacker to deserialize arbitrary PHP classes. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE PHP +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy