Skip to main content

Invoiceninja

2 CVEs product

Monthly

CVE-2026-58450 MEDIUM POC This Month

Open redirect in Invoice Ninja's client portal login (through version 5.13.26) enables unauthenticated attackers to craft login URLs that transparently redirect authenticated victims to attacker-controlled external sites after they complete a legitimate login. The vulnerability stems from the `intended` query parameter being stored in the session without host validation, then emitted verbatim by the `ContactLoginController::authenticated()` handler post-login, making it a reliable phishing vector against Invoice Ninja clients. A publicly available proof-of-concept exists; no CISA KEV listing is present at time of analysis.

Open Redirect Invoiceninja
NVD GitHub
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-33742 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Invoice Ninja v5.13.0 through v5.13.3 allows authenticated attackers with product notes field access to inject and execute arbitrary JavaScript in invoice templates via unvalidated Markdown rendering. The vulnerability affects all Invoice Ninja instances running affected versions where the Markdown parser output bypasses HTML sanitization, enabling session hijacking, credential theft, or malicious template manipulation for other users viewing invoices. A vendor-released patch (v5.13.4) addresses this by implementing purify::clean() sanitization on Markdown output.

XSS Invoiceninja
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM POC This Month

Open redirect in Invoice Ninja's client portal login (through version 5.13.26) enables unauthenticated attackers to craft login URLs that transparently redirect authenticated victims to attacker-controlled external sites after they complete a legitimate login. The vulnerability stems from the `intended` query parameter being stored in the session without host validation, then emitted verbatim by the `ContactLoginController::authenticated()` handler post-login, making it a reliable phishing vector against Invoice Ninja clients. A publicly available proof-of-concept exists; no CISA KEV listing is present at time of analysis.

Open Redirect Invoiceninja
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Invoice Ninja v5.13.0 through v5.13.3 allows authenticated attackers with product notes field access to inject and execute arbitrary JavaScript in invoice templates via unvalidated Markdown rendering. The vulnerability affects all Invoice Ninja instances running affected versions where the Markdown parser output bypasses HTML sanitization, enabling session hijacking, credential theft, or malicious template manipulation for other users viewing invoices. A vendor-released patch (v5.13.4) addresses this by implementing purify::clean() sanitization on Markdown output.

XSS Invoiceninja
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy