CNNVD-202508-2234 Information

CNNVD ID

CNNVD-202508-2234

Related CVE

CVE-2025-9167

• CNNVD Published: 2025-08-19

Description (Chinese)

SolidInvoice是SolidInvoice开源的一个发票解决方案应用程序。 SolidInvoice 2.4.0及之前版本存在代码注入漏洞，该漏洞源于组件Recurring Invoice Module中文件/invoice/recurring对参数client name的错误操作，导致跨站脚本攻击。

Description (English)

SolidInvoice is an invoicedInvoice open-source application. SolidInvoice 2.4.0 and previous versions had a code-injection loophole, which originated from the error of the file/info/recurring to the parameter clint name of the component Recurring Innovation Module, resulting in a cross-site script attack.

Hazard Level

Critical

Vulnerability Type

代码注入

Affected Vendor

SolidInvoice

Published

2025-08-19

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.320544 https://vuldb.com/?submit.630624 https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%95%B5%EF%B8%8F%E2%80%8D%E2%99%82%EF%B8%8F%20PoC%20-%20Stored%20XSS%201.md https://vuldb.com/?id.320544 https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%95%B5%EF%B8%8F%E2%80%8D%E2%99%82%EF%B8%8F%20PoC%20-%20Stored%20XSS%201.md#-exploitation-steps https://nvd.nist.gov/vuln/detail/CVE-2025-9167 https://access.redhat.com/security/cve/cve-2025-9167