All 7 CVE vulnerabilities found in SolidInvoice, with AI-generated Chinese analysis, references, and POCs.
Vendor: n/a
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-46489 | SolidInvoice: Unrestricted file upload with no MIME validation allows stored XSS via malicious SVG logo CWE-79 | 8.1 | High | 2026-06-11 |
| CVE-2026-46622 | SolidInvoice: API tokens stored as plaintext in the database allowing full credential compromise on database breach CWE-312 | 8.1 | High | 2026-06-11 |
| CVE-2025-9171 | SolidInvoice Clients clients cross site scripting CWE-79 | 3.5 | Low | 2025-08-19 |
| CVE-2025-9170 | SolidInvoice Tax Rates rates cross site scripting CWE-79 | 3.5 | Low | 2025-08-19 |
| CVE-2025-9169 | SolidInvoice Quote quotes cross site scripting CWE-79 | 3.5 | Low | 2025-08-19 |
| CVE-2025-9168 | SolidInvoice Invoice Creation invoice cross site scripting CWE-79 | 3.5 | Low | 2025-08-19 |
| CVE-2025-9167 | SolidInvoice Recurring Invoice recurring cross site scripting CWE-79 | 3.5 | Low | 2025-08-19 |
All 7 known CVE vulnerabilities affecting SolidInvoice with full Chinese analysis, references, and POCs where available.