SolidInvoice version 2.3.7 is vulnerable to a stored cross-site scripting (XSS) issue in the Clients module. An authenticated attacker can inject JavaScript that executes in other users' browsers when the Clients page is viewed. The vulnerability is fixed in version 2.3.8.
History

Tue, 02 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}


Tue, 02 Sep 2025 16:45:00 +0000

Type Values Removed Values Added
References

Tue, 02 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
Description SolidInvoice 2.3.7 and v.2.3.8 is vulnerable to Cross Site Scripting (XSS) in the client's functionality. SolidInvoice version 2.3.7 is vulnerable to a stored cross-site scripting (XSS) issue in the Clients module. An authenticated attacker can inject JavaScript that executes in other users' browsers when the Clients page is viewed. The vulnerability is fixed in version 2.3.8.
References

Fri, 29 Aug 2025 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 29 Aug 2025 16:45:00 +0000

Type Values Removed Values Added
Description SolidInvoice 2.3.7 and v.2.3.8 is vulnerable to Cross Site Scripting (XSS) in the client's functionality.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-09-02T17:53:14.026Z

Reserved: 2025-08-13T00:00:00.000Z

Link: CVE-2025-55580

cve-icon Vulnrichment

Updated: 2025-08-29T17:04:10.528Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-29T17:15:35.480

Modified: 2025-09-02T18:15:36.150

Link: CVE-2025-55580

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.