CVE-2025-9170 MEDIUM

CVE-2025-9170: SolidInvoice Tax Rates rates cross site scripting

Vendor N/A
Product SolidInvoice
Weakness CWE-79 · XSS
Published August 19, 2025
Last update August 20, 2025
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was identified in SolidInvoice up to 2.4.0. The affected element is an unknown function of the file /tax/rates of the component Tax Rates Module. Such manipulation of the argument Name leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

August 19, 2025 CVE published
August 20, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-10710 07FLYCMS/07FLY-CMS/07FlyCRM index.php cross site scripting CVE-2024-1993 Icon Widget <= 1.3.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode CVE-2024-24558 react-query-streamed-hydration xss CVE-2025-3794 WPForms Lite <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'start_timestamp' Parameter CVE-2025-20273 Cisco Unified Intelligent Contact Management Enterprise Cross-Site Scripting vulnerability