CVE-2025-9171

Опубликовано: 19 авг. 2025

Источник: nvd

CVSS3: 3.5

CVSS3: 5.4

CVSS2: 4

EPSS Низкий

Описание

A security flaw has been discovered in SolidInvoice up to 2.4.0. The impacted element is an unknown function of the file /clients of the component Clients Module. Performing manipulation of the argument Name results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Ссылки

https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%95%B5%EF%B8%8F%E2%80%8D%E2%99%82%EF%B8%8F%20PoC%20%E2%80%93%20Stored%20XSS%205.md
Exploit
Third Party Advisory
https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%95%B5%EF%B8%8F%E2%80%8D%E2%99%82%EF%B8%8F%20PoC%20%E2%80%93%20Stored%20XSS%205.md#-exploitation-steps
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.320548
Permissions Required
https://vuldb.com/?id.320548
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.630639
Third Party Advisory
VDB Entry
https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%95%B5%EF%B8%8F%E2%80%8D%E2%99%82%EF%B8%8F%20PoC%20%E2%80%93%20Stored%20XSS%205.md#-exploitation-steps
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:solidinvoice:solidinvoice:*:*:*:*:*:*:*:*

Версия до 2.4.0 (включая)

EPSS

Процентиль: 12%

0.00043

Низкий

3.5 Low

CVSS3

5.4 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-9xqq-4chh-p6q2

CVSS3: 3.5

github

4 дня назад

EPSS

Процентиль: 12%

0.00043

Низкий

3.5 Low

CVSS3

5.4 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79