{"id":"CVE-2017-1000508","details":"Invoice Plane version 1.5.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Client's details that can result in execution of javascript code . This vulnerability appears to have been fixed in 1.5.5 and later.","modified":"2026-07-08T11:47:26.171354Z","published":"2018-02-09T23:29:00.290Z","references":[{"type":"REPORT","url":"https://github.com/InvoicePlane/InvoicePlane/pull/557"},{"type":"FIX","url":"https://github.com/InvoicePlane/InvoicePlane/pull/557/commits/3fc256ccef403f5be9982f02ef340d9e01daabb2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/invoiceplane/invoiceplane","events":[{"introduced":"0"},{"last_affected":"38a42bc9ac99e795d41214d9f5d782542643bc76"}],"database_specific":{"cpe":"cpe:2.3:a:invoiceplane:invoiceplane:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"1.5.4"}],"source":"CPE_RANGE"}}],"versions":["v1.5.4","v1.5.3","v1.5.2","v1.5.1","v1.5.0","v1.4.10","v1.4.9","v1.4.8","v1.4.7","v1.4.6","v1.4.5","v1.4.4","v1.4.3","v1.4.2","v1.4.1","v1.4.0","v1.2.0","v1.1.0","v1.0.1","v1.0.0","0.9beta"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000508.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}