PT-2025-33879 · Unknown · Solidinvoice
Gabrielmoura · Published 2025-08-19 · Updated 2025-08-20 · CVE-2025-9168
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
SolidInvoice versions prior to 2.4.1
Description:
A vulnerability exists in SolidInvoice affecting the Invoice Creation Module. The issue involves unknown processing of the /invoice file. Manipulation of the Client Name argument results in cross-site scripting. The attack can be launched remotely. The exploit has been made public and may be used. The vendor was contacted regarding this disclosure but did not respond.
Recommendations:
Update SolidInvoice to version 2.4.1 or later.
Exploit
Fix
XSS
Code Injection
Affected Products
Solidinvoice