Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Indian Invoicing System

Source -

CNA

CNA CVEs -

4

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found
CVE-2026-9414
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-Not Assigned
Published-25 May, 2026 | 01:30
Updated-25 May, 2026 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Indian Invoicing System Invoice Template Render Database-Backed add_order.php cross site scripting

A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/add_order.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customer_name results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Action-Not Available
Vendor-SourceCodester
Product-Indian Invoicing System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-9413
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-25 May, 2026 | 01:15
Updated-25 May, 2026 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Indian Invoicing System category.php cross site scripting

A vulnerability was identified in SourceCodester Indian Invoicing System 1.0. The affected element is an unknown function of the file /Invoicing/category.php. The manipulation of the argument msg leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-SourceCodester
Product-Indian Invoicing System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-9412
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-25 May, 2026 | 01:00
Updated-25 May, 2026 | 01:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Indian Invoicing System Backend Endpoint access control

A vulnerability was determined in SourceCodester Indian Invoicing System 1.0. Impacted is an unknown function of the component Backend Endpoint. Executing a manipulation can lead to improper access controls. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. Multiple endpoints are affected.

Action-Not Available
Vendor-SourceCodester
Product-Indian Invoicing System
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-284
Improper Access Control
CVE-2026-9411
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-25 May, 2026 | 00:45
Updated-25 May, 2026 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Indian Invoicing System Invoice Generation IGST_Invoice.php sql injection

A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGST_Invoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customer_name/category results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-SourceCodester
Product-Indian Invoicing System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')