CVE-2024-12667 | InvoicePlane up to 1.6.1 /invoices/view session expiration

A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /invoices/view. The manipulation leads to session expiration.

This vulnerability is handled as CVE-2024-12667. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

It is recommended to upgrade the affected component.

The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

CVE-2024-12667 | InvoicePlane up to 1.6.1 /invoices/view session expiration

Post correlati

CVE-2024-54433 | Simple Booking Widget Plugin up to 1.1 on WordPress cross-site request forgery

CVE-2024-9060 | AVIF & SVG Uploader Plugin up to 1.1.0 on WordPress SVG File Upload cross site scripting

CVE-2024-34795 | Tainacan.org Tainacan Plugin up to 0.21.3 on WordPress cross site scripting

CVE-2024-22490 | beetl-bbs 2.0 /index keyword cross site scripting