Vulnerability Description
A vulnerability was determined in SolidInvoice up to 2.4.0. Impacted is an unknown function of the file /quotes of the component Quote Module. This manipulation of the argument Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Solidinvoice | Solidinvoice | <= 2.4.0 |
Related Weaknesses (CWE)
References
- https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84PoC%20-%20StoExploitThird Party Advisory
- https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84PoC%20-%20StoExploitThird Party Advisory
- https://vuldb.com/?ctiid.320546Permissions Required
- https://vuldb.com/?id.320546Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.630626Third Party AdvisoryVDB Entry
- https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84PoC%20-%20StoExploitThird Party Advisory
- https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84PoC%20-%20StoExploitThird Party Advisory
FAQ
What is CVE-2025-9169?
CVE-2025-9169 is a vulnerability with a CVSS score of 3.5 (LOW). A vulnerability was determined in SolidInvoice up to 2.4.0. Impacted is an unknown function of the file /quotes of the component Quote Module. This manipulation of the argument Name causes cross site ...
How severe is CVE-2025-9169?
CVE-2025-9169 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-9169?
Check the references section above for vendor advisories and patch information. Affected products include: Solidinvoice Solidinvoice.