ddobrev25

CVE-2025-55579 NOMISEC MEDIUM WRITEUP

SolidInvoice 2.3.7 - Stored Cross-Site Scripting in Tax Rates Functionality

SolidInvoice version 2.3.7 is vulnerable to a Stored Cross-Site Scripting (XSS) issue in the Tax Rates functionality. The vulnerability is fixed in version 2.3.8.

CVSS 5.4

View Code

CVE-2025-55580 NOMISEC MEDIUM WRITEUP

SolidInvoice 2.3.7 - Authenticated Stored Cross-Site Scripting in Clients Module

SolidInvoice version 2.3.7 is vulnerable to a stored cross-site scripting (XSS) issue in the Clients module. An authenticated attacker can inject JavaScript that executes in other users' browsers when the Clients page is viewed. The vulnerability is fixed in version 2.3.8.

CVSS 5.4

View Code