Soumettre #630639: Open-Source SolidInvoice 2.4.0 PoC – Stored XSS via Client Name Field in SolidInvoice 2.4.0information

Titre	Open-Source SolidInvoice 2.4.0 PoC – Stored XSS via Client Name Field in SolidInvoice 2.4.0
Description	SolidInvoice 2.4.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the Clients module (/clients). The name parameter in the Add New Client form is not properly sanitized, allowing an authenticated attacker to inject malicious JavaScript code. The payload is stored in the database and executed automatically whenever the clients list is accessed, resulting in persistent JavaScript execution in the browsers of authenticated users. Exploitation requires authentication. This is PoC Stored XSS #5. The complete proof of concept and detailed exploitation steps are documented in the file: ???? PoC Stored XSS #5 - Client Name Field – SolidInvoice 2.4.0.
La source	⚠️ https://github.com/Gabrielmouraofc/PoC_Vuldb.git
Utilisateur	GabrielMoura (UID 88644)
Soumission	08/08/2025 03:41 (il y a 10 mois)
Modérer	19/08/2025 15:37 (11 days later)
Statut	Accepté
Entrée VulDB	320548 [SolidInvoice jusqu’à 2.4.0 Clients /clients Nom cross site scripting]
Points	20

Do you need the next level of professionalism?

Upgrade your account now!