CVE-2017-18217

Name of the Vulnerable Software and Affected Versions: InvoicePlane versions prior to 1.5.5

Description: An issue was discovered related to Cross Site Scripting. The Email address and Web address parameters are vulnerable, specifically in the files application/modules/clients/views/view.php, application/modules/invoices/views/view.php, and application/modules/quotes/views/view.php.

Recommendations: For versions prior to 1.5.5, update to version 1.5.5 or later to resolve the issue. As a temporary workaround, consider restricting user input for the Email address and Web address parameters to minimize the risk of exploitation.