CNNVD-202508-2246 Information

CNNVD ID

CNNVD-202508-2246

Related CVE

CVE-2025-9170

• CNNVD Published: 2025-08-19

Description (Chinese)

SolidInvoice是SolidInvoice开源的一个发票解决方案应用程序。 SolidInvoice 2.4.0及之前版本存在代码注入漏洞，该漏洞源于组件Tax Rates Module中文件/tax/rates对参数Name的错误操作，导致跨站脚本攻击。

Description (English)

SolidInvoice is an invoicedInvoice open-source application. SolidInvoice 2.4.0 and previous versions contain a code-injection loophole, which results from the error of file/tax/rates against parameter Name in component Taxates Modeule, leading to a cross-site script attack.

Hazard Level

Critical

Vulnerability Type

代码注入

Affected Vendor

SolidInvoice

Published

2025-08-19

Last Modified

2026-02-24

References

https://vuldb.com/?id.320547 https://vuldb.com/?submit.630627 https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84PoC%20-Stored%20XSS%204.md#-exploitation-steps https://vuldb.com/?ctiid.320547 https://access.redhat.com/security/cve/cve-2025-9170 https://nvd.nist.gov/vuln/detail/CVE-2025-9170