Gabrielmoura

Name of the Vulnerable Software and Affected Versions: SolidInvoice versions prior to 2.4.1 Description: A vulnerability exists in SolidInvoice that allows for cross site scripting. The issue affects unknown code within the `/invoice/recurring` file of the Recurring Invoice Module. Manipulation of the `client name` argument can trigger the vulnerability. The exploit has been publicly disclosed. The vendor was notified but did not respond. Recommendations: Update SolidInvoice to version 2.4.1 or later. As a temporary workaround, sanitize the `client name` input to prevent script injection.

Name of the Vulnerable Software and Affected Versions: SolidInvoice versions prior to 2.4.1 Description: A vulnerability exists in SolidInvoice affecting the Invoice Creation Module. The issue involves an unknown processing of the `/invoice` file. Manipulation of the `Client Name` argument results in cross site scripting. The attack can be launched remotely. The exploit has been made public and may be used. The vendor was contacted regarding this disclosure but did not respond. Recommendations: Update SolidInvoice to version 2.4.1 or later.

**Name of the Vulnerable Software and Affected Versions:** SolidInvoice versions prior to 2.4.1 **Description:** A cross-site scripting issue exists in SolidInvoice. The vulnerability affects an unknown function within the `/quotes` file of the Quote Module. Manipulation of the `Name` argument can lead to cross-site scripting attacks. Remote exploitation is possible, and the exploit has been publicly disclosed. The vendor was notified but did not respond. **Recommendations:** SolidInvoice versions prior to 2.4.1 are affected and should be updated.

**Name of the Vulnerable Software and Affected Versions:** SolidInvoice versions prior to 2.4.1 **Description:** A vulnerability exists in SolidInvoice that allows for cross site scripting. The issue is located in an unknown `function` within the `/tax/rates` file of the Tax Rates Module. Manipulation of the `Name` parameter can trigger the vulnerability, and the attack can be executed remotely. The exploit is publicly available. The vendor was contacted regarding this issue but did not respond. **Recommendations:** SolidInvoice versions prior to 2.4.1: Update to version 2.4.1 or later to resolve this issue. As a temporary workaround, consider restricting access to the `/tax/rates` file or disabling the Tax Rates Module until a patch is available.

Name of the Vulnerable Software and Affected Versions: SolidInvoice versions prior to 2.4.1 Description: A security flaw has been discovered in SolidInvoice. The impacted element is an unknown function within the `/clients` file of the Clients Module. Manipulation of the `Name` argument results in cross-site scripting. The attack can be carried out remotely, and the exploit has been released publicly. The vendor was contacted regarding this disclosure but did not respond. Recommendations: SolidInvoice versions prior to 2.4.1: Update to version 2.4.1 or later to address the issue. As a temporary workaround, consider restricting or disabling access to the `/clients` file or the Clients Module until a patch can be applied.