CNNVD-202508-2247 Information

CNNVD ID

CNNVD-202508-2247

Related CVE

CVE-2025-9171

• CNNVD Published: 2025-08-19

Description (Chinese)

SolidInvoice是SolidInvoice开源的一个发票解决方案应用程序。 SolidInvoice 2.4.0及之前版本存在代码注入漏洞，该漏洞源于组件Clients Module中文件/clients对参数Name的错误操作，导致跨站脚本攻击。

Description (English)

SolidInvoice is an invoicedInvoice open-source application. SolidInvoice 2.4.0 and previous versions contain a code-injection loophole, which stems from the error of file/clients against the parameter name in component Clits Modeule, resulting in a cross-stop script attack.

Hazard Level

Critical

Vulnerability Type

代码注入

Affected Vendor

SolidInvoice

Published

2025-08-19

Last Modified

2026-02-24

References

https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%95%B5%EF%B8%8F%E2%80%8D%E2%99%82%EF%B8%8F%20PoC%20%E2%80%93%20Stored%20XSS%205.md#-exploitation-steps https://vuldb.com/?id.320548 https://vuldb.com/?submit.630639 https://vuldb.com/?ctiid.320548 https://access.redhat.com/security/cve/cve-2025-9171 https://nvd.nist.gov/vuln/detail/CVE-2025-9171