InvoicePlane — Vulnerabilities & Security Advisories 14

All 14 CVE vulnerabilities found in InvoicePlane, with AI-generated Chinese analysis, references, and POCs.

Vendor: n/a

CVE ID	Title	CVSS	Severity	Published
CVE-2026-26281	InvoicePlane has Stored Cross-Site Scripting (XSS) Issue in Sumex Invoice View CWE-79	4.4	Medium	2026-02-18
CVE-2026-26270	InvoicePlane has Stored Cross-Site Scripting Issue in Identifier Formatting CWE-79	5.4	Medium	2026-02-18
CVE-2026-25596	InvoicePlane has Stored XSS via Product Unit Name in Invoice Item List CWE-79	4.8	Medium	2026-02-18
CVE-2026-25595	InvoicePlane has Stored XSS via Invoice Number in Invoice View and Dashboard CWE-79	4.8	Medium	2026-02-18
CVE-2026-25594	InvoicePlane has Stored XSS via Family Name in Product Form CWE-79	4.8	Medium	2026-02-18
CVE-2026-25548	InvoicePlane Vulnerable to Remote Code Execution via Local File Inclusion and Log Poisoning CWE-94	9.1	Critical	2026-02-18
CVE-2026-24745	InvoicePlane has a Stored Cross-Site Scripting (XSS) issue CWE-79	5.7	Medium	2026-02-18
CVE-2026-24744	InvoicePlane has a Stored Cross-Site Scripting (XSS) issue CWE-79	5.7	Medium	2026-02-18
CVE-2026-24743	InvoicePlane has a Stored Cross-Site Scripting (XSS) issue CWE-79	5.7	Medium	2026-02-18
CVE-2026-24746	InvoicePlane has a Stored Cross-Site Scripting (XSS) issue CWE-79	5.7	Medium	2026-02-18
CVE-2026-23491	InvoicePlane has Unauthenticated Path Traversal in Guest Controller CWE-22	7.5	-	2026-02-18
CVE-2024-12667	InvoicePlane view session expiration CWE-613	3.7	Low	2024-12-16
CVE-2024-12478	InvoicePlane 1 upload_file unrestricted upload CWE-434	6.3	Medium	2024-12-16
CVE-2024-12362	InvoicePlane invoices.php download path traversal CWE-22	4.3	Medium	2024-12-16

All 14 known CVE vulnerabilities affecting InvoicePlane with full Chinese analysis, references, and POCs where available.