CVE-2025-9169

A vulnerability was determined in SolidInvoice up to 2.4.0. Impacted is an unknown function of the file /quotes of the component Quote Module. This manipulation of the argument Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 LOW
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
VulDBCNA
3.5 LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
solidinvoicesolidinvoice
𝑥
≤ 2.4.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84PoC%20-%20Stored%20XSS%203.md
https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84PoC%20-%20Stored%20XSS%203.md#-exploitation-steps
https://vuldb.com/?ctiid.320546
https://vuldb.com/?id.320546
https://vuldb.com/?submit.630626
https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84PoC%20-%20Stored%20XSS%203.md
https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84PoC%20-%20Stored%20XSS%203.md#-exploitation-steps