PT-2025-33865 · Unknown · Solidinvoice

Gabrielmoura · Published 2025-08-19 · Updated 2025-08-20 · CVE-2025-9167

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: SolidInvoice versions prior to 2.4.1
Description: SolidInvoice contains a cross-site scripting (XSS) vulnerability. The issue affects unknown code in the /invoice/recurring file of the Recurring Invoice Module. Manipulating the client name argument can trigger the vulnerability. The exploit has been publicly disclosed. The vendor was notified but did not respond.
Recommendations: Update SolidInvoice to version 2.4.1 or later. As a temporary workaround, sanitize the client name input to prevent script injection.

Exploit · Fix · XSS · Code Injection

Weakness Enumeration

Related Identifiers: CVE-2025-9167

Affected Products: Solidinvoice