{"id":"CVE-2021-3977","details":"invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","aliases":["GHSA-xg6r-5gx4-qxjm"],"modified":"2026-04-10T04:37:27.843929Z","published":"2021-12-24T20:15:08.137Z","references":[{"type":"FIX","url":"https://huntr.dev/bounties/99c4ed09-b66f-474a-bd74-eeccf9339fde"},{"type":"FIX","url":"https://github.com/invoiceninja/invoiceninja/commit/1186eaa82375692d01d5ef3369c5b7bc7315b55f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/invoiceninja/invoiceninja","events":[{"introduced":"0"},{"fixed":"53bebc4d0f530573e27cd2526af1eb465706ed08"},{"introduced":"3239a1c041cad5d174e460b526f1fa6b96cec66a"},{"fixed":"dcc4b13524ff290620c83ea80920adf6cb3585a0"},{"fixed":"1186eaa82375692d01d5ef3369c5b7bc7315b55f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.5.47"},{"introduced":"5.0"},{"fixed":"5.3.33"}]}}],"versions":["v4.5.20","v4.5.21","v4.5.22","v4.5.23","v4.5.24","v4.5.27","v4.5.28","v4.5.29","v4.5.30","v4.5.31","v4.5.32","v4.5.33","v4.5.34","v4.5.35","v4.5.36","v4.5.37","v4.5.38","v4.5.39","v4.5.40","v4.5.41","v4.5.42","v4.5.43","v4.5.44","v4.5.45","v4.5.46","v5.0","v5.0-release","v5.0.1","v5.0.1-release","v5.0.10","v5.0.10-release","v5.0.11","v5.0.12","v5.0.12-release","v5.0.13","v5.0.13-release","v5.0.16","v5.0.16-release","v5.0.17","v5.0.17-release","v5.0.18","v5.0.18-release","v5.0.19","v5.0.19-release","v5.0.2","v5.0.2-release","v5.0.20","v5.0.20-release","v5.0.21","v5.0.21-release","v5.0.22","v5.0.23","v5.0.23-release","v5.0.23r","v5.0.23r-release","v5.0.24","v5.0.24-release","v5.0.25","v5.0.25-release","v5.0.26","v5.0.26-release","v5.0.27","v5.0.27-r1","v5.0.27-release","v5.0.28","v5.0.29","v5.0.29-release","v5.0.3","v5.0.3-release","v5.0.30","v5.0.30-release","v5.0.31","v5.0.31-release","v5.0.32","v5.0.33","v5.0.33-release","v5.0.34","v5.0.34-release","v5.0.35","v5.0.35-release","v5.0.36","v5.0.37","v5.0.38","v5.0.38-release","v5.0.39","v5.0.39-release","v5.0.4","v5.0.4-release","v5.0.40","v5.0.41","v5.0.41-release","v5.0.42","v5.0.42-release","v5.0.43","v5.0.43-release","v5.0.44","v5.0.44-release","v5.0.45","v5.0.45-release","v5.0.46","v5.0.46-release","v5.0.47","v5.0.47-release","v5.0.48","v5.0.48-release","v5.0.49","v5.0.49-release","v5.0.5","v5.0.5-release","v5.0.50","v5.0.50-release","v5.0.51","v5.0.51-release","v5.0.52","v5.0.52-release","v5.0.53","v5.0.53-release","v5.0.54","v5.0.54-release","v5.0.55","v5.0.55-release","v5.0.56","v5.0.56-release","v5.0.6","v5.0.7","v5.0.8","v5.0.9","v5.1.0","v5.1.0-release","v5.1.1","v5.1.1-release","v5.1.10","v5.1.10-release","v5.1.11","v5.1.11-release","v5.1.12","v5.1.12-release","v5.1.13","v5.1.13-release","v5.1.14","v5.1.14-release","v5.1.15","v5.1.15-release","v5.1.16","v5.1.16-release","v5.1.17","v5.1.17-release","v5.1.18","v5.1.18-release","v5.1.19","v5.1.19-release","v5.1.2","v5.1.2-release","v5.1.20","v5.1.20-release","v5.1.21","v5.1.21-release","v5.1.22","v5.1.22-release","v5.1.23","v5.1.23-release","v5.1.24","v5.1.24-release","v5.1.25","v5.1.25-release","v5.1.26","v5.1.26-release","v5.1.27","v5.1.27-release","v5.1.28","v5.1.28-release","v5.1.29","v5.1.29-release","v5.1.3","v5.1.3-release","v5.1.30","v5.1.30-release","v5.1.31","v5.1.31-release","v5.1.32","v5.1.32-release","v5.1.33","v5.1.33-release","v5.1.34","v5.1.34-release","v5.1.35","v5.1.35-release","v5.1.36","v5.1.36-release","v5.1.37","v5.1.37-release","v5.1.38","v5.1.38-release","v5.1.39","v5.1.39-release","v5.1.4","v5.1.4-release","v5.1.40","v5.1.40-release","v5.1.41","v5.1.41-release","v5.1.42","v5.1.42-release","v5.1.43","v5.1.43-release","v5.1.44","v5.1.44-release","v5.1.45","v5.1.45-release","v5.1.46","v5.1.46-release","v5.1.47","v5.1.47-release","v5.1.48","v5.1.48-release","v5.1.49","v5.1.49-release","v5.1.5","v5.1.5-release","v5.1.50","v5.1.50-release","v5.1.51","v5.1.51-release","v5.1.52","v5.1.52-release","v5.1.53","v5.1.53-release","v5.1.54","v5.1.54-release","v5.1.55","v5.1.55-release","v5.1.56","v5.1.56-release","v5.1.57","v5.1.57-release","v5.1.58","v5.1.58-release","v5.1.59","v5.1.59-release","v5.1.6","v5.1.6-release","v5.1.60","v5.1.60-release","v5.1.61","v5.1.61-release","v5.1.62","v5.1.62-release","v5.1.63","v5.1.63-release","v5.1.64","v5.1.64-release","v5.1.65","v5.1.65-release","v5.1.66","v5.1.66-release","v5.1.67","v5.1.67-release","v5.1.68","v5.1.68-release","v5.1.69","v5.1.69-release","v5.1.7","v5.1.7-release","v5.1.70","v5.1.70-release","v5.1.71","v5.1.71-release","v5.1.72","v5.1.73","v5.1.73-release","v5.1.74","v5.1.74-release","v5.1.8","v5.1.8-release","v5.1.9","v5.1.9-release","v5.2.0","v5.2.0-release","v5.2.1","v5.2.1-release","v5.2.10","v5.2.11","v5.2.12","v5.2.13","v5.2.14","v5.2.15","v5.2.16","v5.2.17","v5.2.18","v5.2.19","v5.2.2","v5.2.2-release","v5.2.3","v5.2.4","v5.2.4-1","v5.2.4-2","v5.2.4-3","v5.2.5","v5.2.5-release","v5.2.6","v5.2.7","v5.2.8","v5.2.9","v5.3.0","v5.3.1","v5.3.10","v5.3.11","v5.3.12","v5.3.13","v5.3.14","v5.3.15","v5.3.16","v5.3.17","v5.3.18","v5.3.19","v5.3.2","v5.3.20","v5.3.21","v5.3.22","v5.3.23","v5.3.24","v5.3.25","v5.3.26","v5.3.27","v5.3.28","v5.3.29","v5.3.3","v5.3.30","v5.3.31","v5.3.32","v5.3.4","v5.3.5","v5.3.6","v5.3.7","v5.3.8","v5.3.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3977.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}