PT-2025-33882 · Unknown · Solidinvoice
Gabrielmoura
·
Published
2025-08-19
·
Updated
2025-08-20
·
CVE-2025-9170
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
SolidInvoice versions prior to 2.4.1
Description:
A vulnerability exists in SolidInvoice that allows for cross site scripting. The issue is located in an unknown
function within the /tax/rates file of the Tax Rates Module. Manipulation of the Name parameter can trigger the vulnerability, and the attack can be executed remotely. The exploit is publicly available. The vendor was contacted regarding this issue but did not respond.Recommendations:
SolidInvoice versions prior to 2.4.1: Update to version 2.4.1 or later to resolve this issue. As a temporary workaround, consider restricting access to the
/tax/rates file or disabling the Tax Rates Module until a patch is available.Exploit
Fix
XSS
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Solidinvoice