GCVE - cpe:2.3:a:n/a:solidinvoice:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:solidinvoice:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Solidinvoice (`cd47b220-fbf3-505c-a66c-19bf38d7652a`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-9171`	vulnerable	2026-06-08 07:45:21.835472	SolidInvoice Clients clients cross site scripting LOW (3.5) A security flaw has been discovered in SolidInvoice up to 2.4.0. The impacted element is an unknown function of the file /clients of the component Clients Module. Performing manipulation of the argument Name results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-08-19T22:32:05.818Z Updated: 2025-08-20T15:16:20.030Z Open on db.gcve.eu Reference links https://vuldb.com/?id.320548 https://vuldb.com/?ctiid.320548 https://vuldb.com/?submit.630639 https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%95%B5%EF%B8%8F%E2%80%8D%E2%99%82%EF%B8%8F%20PoC%20%E2%80%93%20Stored%20XSS%205.md https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%95%B5%EF%B8%8F%E2%80%8D%E2%99%82%EF%B8%8F%20PoC%20%E2%80%93%20Stored%20XSS%205.md#-exploitation-steps	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-9170`	vulnerable	2026-06-08 07:45:21.834945	SolidInvoice Tax Rates rates cross site scripting LOW (3.5) A vulnerability was identified in SolidInvoice up to 2.4.0. The affected element is an unknown function of the file /tax/rates of the component Tax Rates Module. Such manipulation of the argument Name leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-08-19T22:02:05.880Z Updated: 2025-08-20T15:16:27.386Z Open on db.gcve.eu Reference links https://vuldb.com/?id.320547 https://vuldb.com/?ctiid.320547 https://vuldb.com/?submit.630627 https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84PoC%20-Stored%20XSS%204.md https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84PoC%20-Stored%20XSS%204.md#-exploitation-steps	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-9169`	vulnerable	2026-06-08 07:45:21.834544	SolidInvoice Quote quotes cross site scripting LOW (3.5) A vulnerability was determined in SolidInvoice up to 2.4.0. Impacted is an unknown function of the file /quotes of the component Quote Module. This manipulation of the argument Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-08-19T21:32:06.661Z Updated: 2025-08-20T15:16:35.580Z Open on db.gcve.eu Reference links https://vuldb.com/?id.320546 https://vuldb.com/?ctiid.320546 https://vuldb.com/?submit.630626 https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84PoC%20-%20Stored%20XSS%203.md https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84PoC%20-%20Stored%20XSS%203.md#-exploitation-steps	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-9168`	vulnerable	2026-06-08 07:45:21.834028	SolidInvoice Invoice Creation invoice cross site scripting LOW (3.5) A vulnerability was found in SolidInvoice up to 2.4.0. This issue affects some unknown processing of the file /invoice of the component Invoice Creation Module. The manipulation of the argument Client Name results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-08-19T21:02:06.601Z Updated: 2025-08-20T15:16:42.505Z Open on db.gcve.eu Reference links https://vuldb.com/?id.320545 https://vuldb.com/?ctiid.320545 https://vuldb.com/?submit.630625 https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84POC%20Stored%20XSS%202.md https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84POC%20Stored%20XSS%202.md#-exploitation-steps	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-9167`	vulnerable	2026-06-08 07:45:21.832625	SolidInvoice Recurring Invoice recurring cross site scripting LOW (3.5) A vulnerability has been found in SolidInvoice up to 2.4.0. This vulnerability affects unknown code of the file /invoice/recurring of the component Recurring Invoice Module. The manipulation of the argument client name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-08-19T20:32:06.486Z Updated: 2025-08-20T15:19:05.039Z Open on db.gcve.eu Reference links https://vuldb.com/?id.320544 https://vuldb.com/?ctiid.320544 https://vuldb.com/?submit.630624 https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%95%B5%EF%B8%8F%E2%80%8D%E2%99%82%EF%B8%8F%20PoC%20-%20Stored%20XSS%201.md https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%95%B5%EF%B8%8F%E2%80%8D%E2%99%82%EF%B8%8F%20PoC%20-%20Stored%20XSS%201.md#-exploitation-steps	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.