{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T05:26:21.601","vulnerabilities":[{"cve":{"id":"CVE-2026-25595","sourceIdentifier":"security-advisories@github.com","published":"2026-02-18T23:16:19.910","lastModified":"2026-02-20T17:07:50.597","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject malicious JavaScript that executes when any administrator views the affected invoice or visits the dashboard. Version 1.7.1 patches the issue."},{"lang":"es","value":"InvoicePlane es una aplicación de código abierto autoalojada para gestionar facturas, clientes y pagos. Una vulnerabilidad de cross-site scripting (XSS) almacenado existe en InvoicePlane 1.7.0 a través del campo Invoice Number. Un administrador autenticado puede inyectar JavaScript malicioso que se ejecuta cuando cualquier administrador ve la factura afectada o visita el panel de control. La versión 1.7.1 corrige el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:invoiceplane:invoiceplane:*:*:*:*:*:*:*:*","versionEndExcluding":"1.7.1","matchCriteriaId":"200F4F45-C04E-4F4E-9DF4-CE8D5ABEDB9F"}]}]}],"references":[{"url":"https://github.com/InvoicePlane/InvoicePlane/commit/93622f2df88a860d89bfee56012cabb2942061d6","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/InvoicePlane/InvoicePlane/security/advisories/GHSA-xxvr-2564-6jg6","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}