PT-2025-33883 · Unknown · Solidinvoice
Gabrielmoura · Published 2025-08-19 · Updated 2025-11-11 · CVE-2025-9171
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
SolidInvoice versions prior to 2.4.1
Description:
A security flaw has been discovered in SolidInvoice. The impacted element is an unknown function within the /clients file of the Clients Module. Manipulation of the Name argument results in cross-site scripting. The attack can be carried out remotely, and the exploit has been released publicly. The vendor was contacted regarding this disclosure but did not respond.
Recommendations:
SolidInvoice versions prior to 2.4.1: Update to version 2.4.1 or later to address the issue. As a temporary workaround, consider restricting or disabling access to the /clients file or the Clients Module until a patch can be applied.
Exploit
Fix
DoS
XSS
Code Injection
Affected Products
Solidinvoice