CVE-2026-33742 in Invoice Ninjainformación

Resumen

por MITRE • 2026-03-26

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with `purify::clean()` before being included in invoice templates. This is fixed in v5.13.4 by the vendor by adding `purify::clean()` to sanitize Markdown output.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

GitHub M

Reservar

2026-03-23

Divulgación

2026-03-26

Moderación

aceptado

Artículo

VDB-353751

CPE

listo

CWE

CWE-79 (confirmado)

CVSS

5.4 (CNA)

EPSS

0.00014

KEV

Actividades

muy bajo

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-33742
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-33742
CVE Details	https://www.cvedetails.com/cve/CVE-2026-33742/

◂ Anterior Visión De Conjunto Próximo ▸

Do you need the next level of professionalism?

Upgrade your account now!