CNNVD-202508-2245 Information
CNNVD ID
CNNVD-202508-2245
Related CVE
- CNNVD Published: 2025-08-19
Description (Chinese)
SolidInvoice是SolidInvoice开源的一个发票解决方案应用程序。 SolidInvoice 2.4.0及之前版本存在代码注入漏洞,该漏洞源于组件Quote Module中文件/quotes对参数Name的错误操作,导致跨站脚本攻击。
Description (English)
SolidInvoice is an invoicedInvoice open-source application. SolidInvoice 2.4.0 and previous versions contain a code-injection loophole that results from the error of the file/quates against the parameter name in the component Quote Modeule, leading to a cross-site script attack.
Hazard Level
Critical
Vulnerability Type
代码注入
Affected Vendor
SolidInvoice
Published
2025-08-19
Last Modified
2026-02-24
References
https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84PoC%20-%20Stored%20XSS%203.md https://vuldb.com/?id.320546 https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84PoC%20-%20Stored%20XSS%203.md#-exploitation-steps https://vuldb.com/?submit.630626 https://vuldb.com/?ctiid.320546 https://access.redhat.com/security/cve/cve-2025-9169 https://nvd.nist.gov/vuln/detail/CVE-2025-9169
Share on: