CVE-2021-3977

MEDIUM WAF: High
CVSS 5.4 Published: 2021-12-24
CWE-79

invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WAF Coverage Analysis

Cross-Site Scripting (XSS) High WAF Coverage

OWASP: A03:2021 Injection

941xxx - XSS / XXE

Affected Software

VendorProductVersion
invoiceninjainvoice_ninjaup to 4.5.47
invoiceninjainvoice_ninja5.0 - 5.3.33

References

  • github.com (Patch, Third Party Advisory)
  • huntr.dev (Exploit, Issue Tracking, Patch, Third Party Advisory)
Back to CVE Database