CVE-2026-46489 - SolidInvoice: Unrestricted file upload with no MIME validation allows stored XSS via malicious SVG logo
CVE ID :CVE-2026-46489 Published : June 11, 2026, 8:16 p.m. | 48 minutes ago Description :SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG file...