CVE-2026-33742 - Invoice Ninja has Stored XSS via Markdown HTML Injection in Product Notes

CVE ID: CVE-2026-33742
Published: March 26, 2026, 9:17 p.m.
Description: Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML through Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with `purify::clean()` before being included in invoice templates. The vendor fixed this in v5.13.4 by adding `purify::clean()` to sanitize the Markdown output.
Severity: 5.4 | MEDIUM

from Latest Vulnerabilities https://ift.tt/2Ltjc01
