Skip to main content

Invoiceshelf

3 CVEs product

Monthly

CVE-2026-34365 HIGH PATCH This Week

Server-Side Request Forgery in InvoiceShelf 2.x allows authenticated administrators to exfiltrate internal network data via malicious HTML in estimate PDF generation. The vulnerability stems from unsanitized user input passed to the Dompdf rendering library, enabling arbitrary HTTP requests from the server. Exploitable through PDF preview and customer view endpoints without requiring email functionality. Patched in version 2.2.0. CVSS 7.6 reflects high confidentiality impact with scope change (C:H/S:C), requiring high privileges (PR:H) but low attack complexity over network vector. No confirmed active exploitation (not in CISA KEV), but the technical barrier is low for authenticated attackers with administrative access.

SSRF Invoiceshelf
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-34367 HIGH PATCH This Week

Server-Side Request Forgery in InvoiceShelf prior to version 2.2.0 allows authenticated high-privilege users to force the server to make arbitrary HTTP requests through the invoice PDF generation module. Attackers can inject malicious HTML into the invoice Notes field, which Dompdf processes without sanitization, fetching remote resources and potentially accessing internal network services or exfiltrating data via out-of-band channels. EPSS data not available; no public exploit identified at time of analysis. The CVSS score of 7.6 reflects high confidentiality impact with scope change, indicating potential for significant internal network reconnaissance.

SSRF Invoiceshelf
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-34366 HIGH PATCH This Week

Server-Side Request Forgery in InvoiceShelf's PDF payment receipt generation allows authenticated high-privilege users to make arbitrary HTTP requests from the server through unsanitized HTML injection in payment Notes fields. The vulnerability affects InvoiceShelf versions prior to 2.2.0, leveraging the Dompdf library's resource fetching behavior to pivot attacks against internal network resources or exfiltrate data via DNS/HTTP channels. CVSS 7.6 reflects network-accessible attack with low complexity but high privileges required and cross-scope impact. No public exploit identified at time of analysis, with EPSS data unavailable for this recent CVE. Vendor-released patch available in version 2.2.0 per GitHub security advisory.

SSRF Invoiceshelf
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Server-Side Request Forgery in InvoiceShelf 2.x allows authenticated administrators to exfiltrate internal network data via malicious HTML in estimate PDF generation. The vulnerability stems from unsanitized user input passed to the Dompdf rendering library, enabling arbitrary HTTP requests from the server. Exploitable through PDF preview and customer view endpoints without requiring email functionality. Patched in version 2.2.0. CVSS 7.6 reflects high confidentiality impact with scope change (C:H/S:C), requiring high privileges (PR:H) but low attack complexity over network vector. No confirmed active exploitation (not in CISA KEV), but the technical barrier is low for authenticated attackers with administrative access.

SSRF Invoiceshelf
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Server-Side Request Forgery in InvoiceShelf prior to version 2.2.0 allows authenticated high-privilege users to force the server to make arbitrary HTTP requests through the invoice PDF generation module. Attackers can inject malicious HTML into the invoice Notes field, which Dompdf processes without sanitization, fetching remote resources and potentially accessing internal network services or exfiltrating data via out-of-band channels. EPSS data not available; no public exploit identified at time of analysis. The CVSS score of 7.6 reflects high confidentiality impact with scope change, indicating potential for significant internal network reconnaissance.

SSRF Invoiceshelf
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Server-Side Request Forgery in InvoiceShelf's PDF payment receipt generation allows authenticated high-privilege users to make arbitrary HTTP requests from the server through unsanitized HTML injection in payment Notes fields. The vulnerability affects InvoiceShelf versions prior to 2.2.0, leveraging the Dompdf library's resource fetching behavior to pivot attacks against internal network resources or exfiltrate data via DNS/HTTP channels. CVSS 7.6 reflects network-accessible attack with low complexity but high privileges required and cross-scope impact. No public exploit identified at time of analysis, with EPSS data unavailable for this recent CVE. Vendor-released patch available in version 2.2.0 per GitHub security advisory.

SSRF Invoiceshelf
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy