SolidInvoice Stored Cross-Site Scripting Vulnerability in Tax Rates Module
Vulnerability
A stored cross-site scripting vulnerability has been identified in SolidInvoice versions through 2.4.0. The issue resides in the Tax Rates module, specifically within the '/tax/rates' endpoint. The vulnerability is triggered by manipulating the 'name' parameter in the Tax Rate creation form, allowing for the injection of malicious JavaScript. This injected script is executed whenever the tax rates list is accessed, potentially affecting all authenticated users.
Impact
Exploitation of this vulnerability allows for the injection of persistent JavaScript, which is executed when the tax rate list is accessed. This could lead to various malicious outcomes, such as stealing cookies or session tokens from users.
Reproduction
To reproduce this vulnerability, log into an account on a SolidInvoice instance prior to 2.4.0. Navigate to the Tax Rates section and create a new tax rate. Inject a script payload into the Name field, which is not sanitized before being saved. Once the tax rate is saved, the injected script will execute when the tax rates list is accessed.
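The defect described above is a missing output-encoding step: a stored tax rate name is interpolated into the list page as raw HTML, so markup in the name becomes live content for every user who opens the list. The sketch below is an added illustration and not SolidInvoice code or its actual fix (SolidInvoice itself is a PHP application); it shows a minimal rendering routine in the vulnerable shape beside an escaped version, plus an audit helper a responder could run over already-stored names to check whether an instance holds injected markup. The TaxRate type, the sample rows and the heuristic regex are all constructed for this example.

```python
import html
import re
from dataclasses import dataclass


@dataclass
class TaxRate:
    """Constructed stand-in for a row of the tax rates table."""
    name: str
    rate: float


# Constructed sample rows; the second row carries a benign script tag of the
# kind the advisory describes being stored through the Name field.
SAMPLE_RATES = [
    TaxRate("VAT", 20.0),
    TaxRate("<script>alert('xss')</script>", 5.0),
    TaxRate("Reduced & Zero", 0.0),
]


def render_rates_vulnerable(rates):
    """Interpolates the stored name verbatim: the advisory's failure mode."""
    rows = "".join(
        f"<tr><td>{r.name}</td><td>{r.rate:.2f}%</td></tr>" for r in rates
    )
    return f"<table>{rows}</table>"


def render_rates_hardened(rates):
    """Escapes the name at output time so stored markup is shown as text.

    html.escape with quote=True also encodes ' and ", which matters when the
    value ends up inside an attribute rather than a text node.
    """
    rows = "".join(
        f"<tr><td>{html.escape(r.name, quote=True)}</td>"
        f"<td>{r.rate:.2f}%</td></tr>"
        for r in rates
    )
    return f"<table>{rows}</table>"


# Heuristic for an after-the-fact audit of stored names: an HTML tag opener,
# a javascript: URL, or an on*= event-handler attribute. Constructed here;
# it flags candidates for review and is not a proof of exploitation.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-zA-Z]|javascript:|on[a-z]+\s*=", re.IGNORECASE)


def find_suspicious_names(rates):
    """Return stored names that look like they contain markup or script."""
    return [r.name for r in rates if MARKUP_RE.search(r.name)]


def contains_live_script(rendered_html):
    """True if a real <script> element survived into the rendered page."""
    return "<script>" in rendered_html.lower()


if __name__ == "__main__":
    print("vulnerable page has live script:",
          contains_live_script(render_rates_vulnerable(SAMPLE_RATES)))
    print("hardened page has live script:",
          contains_live_script(render_rates_hardened(SAMPLE_RATES)))
    print("names needing review:", find_suspicious_names(SAMPLE_RATES))
```

The escaping belongs at the point of output, not only on input: a name that was saved before a patch was applied is still in the database, and a templating layer that auto-escapes by default (or an explicit escape such as the one above) neutralises it regardless of when it was stored. The audit helper is the counterpart for incident response, letting an administrator of an affected version list the rows that should be inspected and cleaned.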