Invoiceplane Security Vulnerabilities (CVEs)

Track 13 security vulnerabilities affecting Invoiceplane products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

2 Critical
2 High
9 Medium
CVE-2026-26270 5.4

A stored cross-site scripting (XSS) vulnerability in InvoicePlane allows authenticated users with Invoice Groups management permissions to inject mali...

Feb 18, 2026
CVE-2026-25595 4.8

A stored cross-site scripting (XSS) vulnerability in InvoicePlane 1.7.0 allows authenticated administrators to inject malicious JavaScript via the Inv...

Feb 18, 2026
CVE-2026-24745 5.7

InvoicePlane 1.7.0 contains a stored XSS vulnerability in the Login Logo upload function that accepts SVG files. An authenticated administrator can up...

Feb 18, 2026
CVE-2026-25548 9.1

InvoicePlane 1.7.0 contains a critical Remote Code Execution vulnerability that allows authenticated administrators to execute arbitrary system comman...

Feb 18, 2026
CVE-2026-24744 5.7

InvoicePlane 1.7.0 contains a stored XSS vulnerability in the Edit Invoices function where the invoice_number parameter lacks input validation. This a...

Feb 18, 2026
CVE-2026-24746 5.7

InvoicePlane 1.7.0 has a stored XSS vulnerability in the Edit Quotes function where the quote_number parameter lacks input validation. Attackers with ...

Feb 18, 2026
CVE-2026-23491 7.5

CVE-2026-23491 is a path traversal vulnerability in InvoicePlane that allows unauthenticated attackers to read arbitrary files on the server by manipu...

Feb 18, 2026
CVE-2025-67082 6.5

An authenticated SQL injection vulnerability in InvoicePlane allows attackers to extract arbitrary data from the database by manipulating report gener...

Jan 15, 2026
CVE-2025-67083 5.3

CVE-2025-67083 is a directory traversal vulnerability in InvoicePlane that allows unauthenticated attackers to read arbitrary files from the server. T...

Jan 15, 2026
CVE-2025-67084 9.9

This vulnerability allows authenticated attackers to upload malicious PHP files as attachments in InvoicePlane, which can then be executed remotely to...

Jan 15, 2026
CVE-2025-64012 4.3

InvoicePlane versions before commit debb446c are vulnerable to an authorization bypass that allows users to view invoices belonging to other accounts....

Dec 16, 2025
CVE-2024-12362 4.3

This CVE describes a path traversal vulnerability in InvoicePlane's invoices.php file that allows attackers to access arbitrary files on the server by...

Dec 16, 2024
CVE-2021-29024 7.5

CVE-2021-29024 is a directory traversal vulnerability in InvoicePlane that allows unauthenticated attackers to list directories and download files tha...

May 17, 2021

Why Monitor Invoiceplane Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 13+ known vulnerabilities affecting Invoiceplane products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Invoiceplane packages in under 60 seconds. No agents required - completely agentless scanning that works across Invoiceplane deployments.

Free vulnerability database: Access detailed information about every Invoiceplane CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Invoiceplane CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions