Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

invoiceninja is vulnerable to Cross-site Scripting

invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Permalink: https://github.com/advisories/GHSA-xg6r-5gx4-qxjm
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14ZzZyLTVneDQtcXhqbc0eaQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 3 years ago
Updated: almost 2 years ago

CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-xg6r-5gx4-qxjm, CVE-2021-3977
References: Repository: https://github.com/invoiceninja/invoiceninja
Blast Radius: 1.0

Affected Packages

packagist:hillelcoren/invoice-ninja
Dependent packages: 0
Dependent repositories: 0
Downloads: 113 total
Affected Version Ranges: < 5.3.35
Fixed in: 5.3.35
All affected versions: 1.0.2, 1.0.3, 1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.2.1, 1.2.2, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.4.0, 1.5.0, 1.5.1, 1.5.2, 1.6.0, 1.6.1, 1.7.0, 1.7.1, 1.7.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.5.0, 2.5.1, 2.5.2, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.7.1, 2.7.2, 2.8.1, 2.8.2, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1, 3.3.0, 3.3.1, 3.3.3, 3.4.0, 3.4.1, 3.4.2, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, 3.8.0, 3.8.1, 3.9.0, 3.9.1, 3.9.2, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5, 4.5.6, 4.5.7, 4.5.8, 4.5.9, 4.5.10, 4.5.11, 4.5.12, 4.5.13, 4.5.14, 4.5.15, 4.5.16, 4.5.17, 4.5.18, 4.5.19, 4.5.20, 4.5.21, 4.5.22, 4.5.23, 4.5.24, 4.5.25, 4.5.26, 4.5.27, 4.5.28, 4.5.29, 4.5.30, 4.5.31, 4.5.32, 4.5.33, 4.5.34, 4.5.35, 4.5.36, 4.5.37, 4.5.38, 4.5.39, 4.5.40, 4.5.41, 4.5.42, 4.5.43, 4.5.44, 4.5.45, 4.5.46, 4.5.47, 4.5.48, 4.5.49, 4.5.50, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.16, 5.0.17, 5.0.18, 5.0.19, 5.0.20, 5.0.21, 5.0.22, 5.0.23, 5.0.24, 5.0.25, 5.0.26, 5.0.27, 5.0.28, 5.0.29, 5.0.30, 5.0.31, 5.0.32, 5.0.33, 5.0.34, 5.0.35, 5.0.36, 5.0.37, 5.0.38, 5.0.39, 5.0.40, 5.0.41, 5.0.42, 5.0.43, 5.0.44, 5.0.45, 5.0.46, 5.0.47, 5.0.48, 5.0.49, 5.0.50, 5.0.51, 5.0.52, 5.0.53, 5.0.54, 5.0.55, 5.0.56, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.1.8, 5.1.9, 5.1.10, 5.1.11, 5.1.12, 5.1.13, 5.1.14, 5.1.15, 5.1.16, 5.1.17, 5.1.18, 5.1.19, 5.1.20, 5.1.21, 5.1.22, 5.1.23, 5.1.24, 5.1.25, 5.1.26, 5.1.27, 5.1.28, 5.1.29, 5.1.30, 5.1.31, 5.1.32, 5.1.33, 5.1.34, 5.1.35, 5.1.36, 5.1.37, 5.1.38, 5.1.39, 5.1.40, 5.1.41, 5.1.42, 5.1.43, 
5.1.44, 5.1.45, 5.1.46, 5.1.47, 5.1.48, 5.1.49, 5.1.50, 5.1.51, 5.1.52, 5.1.53, 5.1.54, 5.1.55, 5.1.56, 5.1.57, 5.1.58, 5.1.59, 5.1.60, 5.1.61, 5.1.62, 5.1.63, 5.1.64, 5.1.65, 5.1.66, 5.1.67, 5.1.68, 5.1.69, 5.1.70, 5.1.71, 5.1.72, 5.1.73, 5.1.74, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.14, 5.2.15, 5.2.16, 5.2.17, 5.2.18, 5.2.19, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.3.7, 5.3.8, 5.3.9, 5.3.10, 5.3.11, 5.3.12, 5.3.13, 5.3.14, 5.3.15, 5.3.16, 5.3.17, 5.3.18, 5.3.19, 5.3.20, 5.3.21, 5.3.22, 5.3.23, 5.3.24, 5.3.25, 5.3.26, 5.3.27, 5.3.28, 5.3.29, 5.3.30, 5.3.31, 5.3.32, 5.3.33, 5.3.34
All unaffected versions: 5.3.35, 5.3.36, 5.3.37, 5.3.38, 5.3.39, 5.3.40, 5.3.41, 5.3.42, 5.3.43, 5.3.44, 5.3.45, 5.3.46, 5.3.47, 5.3.48, 5.3.49, 5.3.51, 5.3.52, 5.3.53, 5.3.54, 5.3.55, 5.3.56, 5.3.57, 5.3.58, 5.3.59, 5.3.60, 5.3.61, 5.3.62, 5.3.63, 5.3.64, 5.3.65, 5.3.66, 5.3.67, 5.3.68, 5.3.69, 5.3.70, 5.3.71, 5.3.72, 5.3.73, 5.3.74, 5.3.75, 5.3.76, 5.3.77, 5.3.78, 5.3.79, 5.3.80, 5.3.81, 5.3.82, 5.3.83, 5.3.84, 5.3.85, 5.3.86, 5.3.87, 5.3.88, 5.3.89, 5.3.90, 5.3.91, 5.3.92, 5.3.93, 5.3.94, 5.3.95, 5.3.96, 5.3.97, 5.3.98, 5.3.99, 5.3.100, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.4.6, 5.4.7, 5.4.8, 5.4.9, 5.4.10, 5.4.11, 5.4.12, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 5.5.6, 5.5.7, 5.5.8, 5.5.9, 5.5.10, 5.5.11, 5.5.12, 5.5.13, 5.5.14, 5.5.15, 5.5.16, 5.5.17, 5.5.18, 5.5.19, 5.5.20, 5.5.21, 5.5.22, 5.5.23, 5.5.24, 5.5.25, 5.5.26, 5.5.27, 5.5.28, 5.5.29, 5.5.30, 5.5.31, 5.5.32, 5.5.33, 5.5.34, 5.5.35, 5.5.36, 5.5.37, 5.5.38, 5.5.39, 5.5.40, 5.5.41, 5.5.42, 5.5.43, 5.5.44, 5.5.45, 5.5.46, 5.5.47, 5.5.48, 5.5.49, 5.5.50, 5.5.51, 5.5.52, 5.5.53, 5.5.54, 5.5.55, 5.5.56, 5.5.57, 5.5.58, 5.5.59, 5.5.60, 5.5.61, 5.5.62, 5.5.63, 5.5.64, 5.5.65, 5.5.66, 5.5.67, 5.5.68, 5.5.69, 5.5.70, 5.5.71, 5.5.73, 5.5.74, 5.5.75, 5.5.76, 5.5.77, 5.5.78, 5.5.79, 5.5.80, 5.5.81, 5.5.82, 5.5.83, 5.5.84, 5.5.85, 5.5.86, 5.5.87, 5.5.88, 5.5.89, 5.5.90, 5.5.91, 5.5.92, 5.5.93, 5.5.94, 5.5.95, 5.5.96, 5.5.97, 5.5.98, 5.5.99, 5.5.100, 5.5.101, 5.5.102, 5.5.103, 5.5.104, 5.5.105, 5.5.106, 5.5.107, 5.5.108, 5.5.109, 5.5.110, 5.5.111, 5.5.112, 5.5.113, 5.5.114, 5.5.115, 5.5.116, 5.5.117, 5.5.118, 5.5.119, 5.5.120, 5.5.121, 5.5.122, 5.5.123, 5.5.124, 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.8, 5.6.9, 5.6.10, 5.6.11, 5.6.12, 5.6.13, 5.6.14, 5.6.15, 5.6.16, 5.6.17, 5.6.18, 5.6.19, 5.6.20, 5.6.21, 5.6.22, 5.6.23, 5.6.24, 5.6.25, 5.6.26, 5.6.27, 5.6.28, 5.6.29, 5.6.30, 5.6.31, 5.7.0, 5.7.1, 5.7.2, 5.7.3, 5.7.4, 5.7.5, 5.7.6, 5.7.7, 5.7.8, 5.7.9, 5.7.10, 5.7.11, 5.7.12, 5.7.13, 
5.7.14, 5.7.15, 5.7.16, 5.7.17, 5.7.18, 5.7.19, 5.7.20, 5.7.21, 5.7.22, 5.7.23, 5.7.24, 5.7.25, 5.7.26, 5.7.27, 5.7.28, 5.7.29, 5.7.30, 5.7.31, 5.7.32, 5.7.33, 5.7.34, 5.7.35, 5.7.36, 5.7.37, 5.7.38, 5.7.39, 5.7.40, 5.7.41, 5.7.42, 5.7.43, 5.7.44, 5.7.45, 5.7.46, 5.7.47, 5.7.48, 5.7.49, 5.7.50, 5.7.51, 5.7.52, 5.7.53, 5.7.54, 5.7.55, 5.7.56, 5.7.57, 5.7.58, 5.7.59, 5.7.60, 5.7.61, 5.7.62, 5.7.63, 5.8.0, 5.8.1, 5.8.2, 5.8.3, 5.8.4, 5.8.5, 5.8.6, 5.8.7, 5.8.8, 5.8.9, 5.8.10, 5.8.11, 5.8.12, 5.8.13, 5.8.14, 5.8.15, 5.8.16, 5.8.17, 5.8.18, 5.8.19, 5.8.20, 5.8.21, 5.8.22, 5.8.23, 5.8.24, 5.8.25, 5.8.26, 5.8.27, 5.8.28, 5.8.29, 5.8.30, 5.8.31, 5.8.32, 5.8.33, 5.8.34, 5.8.35, 5.8.36, 5.8.37, 5.8.38, 5.8.39, 5.8.40, 5.8.41, 5.8.42, 5.8.43, 5.8.44, 5.8.45, 5.8.46, 5.8.47, 5.8.48, 5.8.49, 5.8.50, 5.8.51, 5.8.52, 5.8.53, 5.8.54, 5.8.55, 5.8.56, 5.8.57, 5.9.0, 5.9.1, 5.9.2, 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.10.0, 5.10.1, 5.10.2, 5.10.3, 5.10.4, 5.10.5, 5.10.6, 5.10.7, 5.10.8, 5.10.9, 5.10.10, 5.10.11, 5.10.12, 5.10.13, 5.10.14, 5.10.15, 5.10.16, 5.10.17, 5.10.18, 5.10.19, 5.10.20, 5.10.21, 5.10.22, 5.10.23, 5.10.24, 5.10.25, 5.10.26, 5.10.27, 5.10.28, 5.10.29, 5.10.30, 5.10.31, 5.10.32, 5.10.33, 5.10.34, 5.10.35, 5.10.36, 5.10.37, 5.10.38, 5.10.39, 5.10.40