SolidInvoice version 2.3.7 is vulnerable to a Stored Cross-Site Scripting (XSS) issue in the Tax Rates functionality. The vulnerability is fixed in version 2.3.8.
History

Tue, 02 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}


Tue, 02 Sep 2025 16:45:00 +0000

Type Values Removed Values Added
References

Tue, 02 Sep 2025 16:00:00 +0000

Type Values Removed Values Added
Description SolidInvoice 2.3.7 and fixed in v.2.3.8 is vulnerable to Cross Site Scripting (XSS) in the Tax Rate functionality. SolidInvoice version 2.3.7 is vulnerable to a Stored Cross-Site Scripting (XSS) issue in the Tax Rates functionality. The vulnerability is fixed in version 2.3.8.
References

Fri, 29 Aug 2025 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 29 Aug 2025 16:45:00 +0000

Type Values Removed Values Added
Description SolidInvoice 2.3.7 and fixed in v.2.3.8 is vulnerable to Cross Site Scripting (XSS) in the Tax Rate functionality.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-09-02T17:53:49.960Z

Reserved: 2025-08-13T00:00:00.000Z

Link: CVE-2025-55579

cve-icon Vulnrichment

Updated: 2025-08-29T17:02:59.020Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-29T17:15:35.173

Modified: 2025-09-02T18:15:35.943

Link: CVE-2025-55579

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.