Report: CVE-2026-33742 - Invoice Ninja has Stored XSS via Markdown HTML Injection in Product Notes - Guide

CVE ID: CVE-2026-33742
Published: March 26, 2026, 8:50 p.m.

Description: Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with `purify::clean()` before being included in invoice templates. The vendor fixed this in v5.13.4 by adding `purify::clean()` to sanitize Markdown output.

Severity: 0.0 | NA

CVE Details

Published: March 26, 2026
Impact: XSS
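
Added example, not Invoice Ninja's code: because the payload is stored, notes saved before the upgrade to v5.13.4 are worth reviewing, and this Python audit flags product notes containing raw HTML that a Markdown renderer would pass through unsanitized. The allow-list, the function names and the sample notes are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumed allow-list for this example: markup a Markdown renderer legitimately emits.
SAFE_TAGS = {"p", "br", "strong", "em", "ul", "ol", "li", "a", "code", "pre",
             "blockquote", "h1", "h2", "h3", "h4", "h5", "h6", "hr"}
SAFE_ATTRS = {"a": {"href", "title"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")

# Constructed sample data: product id -> stored notes field.
SAMPLE_NOTES = {
    1: "**Annual licence**, billed per seat. See [terms](https://example.com/terms).",
    2: 'Setup fee <img src="x" onerror="alert(1)">',
    3: "Support plan <script>alert(1)</script>",
    4: '<a href="java\tscript:alert(1)">details</a>',
}

def _safe_url(value):
    # Drop whitespace and control characters that browsers ignore inside a scheme.
    url = "".join(ch for ch in (value or "") if ch > " ").lower()
    return not url or url.startswith(SAFE_SCHEMES + ("/", "#"))

class NoteAuditor(HTMLParser):
    """Collects raw-HTML constructs in a note that fall outside the allow-list."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in SAFE_TAGS:
            self.findings.append(f"tag:{tag}")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event-handler:{tag}.{name}")
            elif name not in SAFE_ATTRS.get(tag, set()):
                self.findings.append(f"attr:{tag}.{name}")
            elif name == "href" and not _safe_url(value):
                self.findings.append(f"url:{tag}.{name}")

def audit_note(note):
    """Return the list of findings for one notes field (empty list means clean)."""
    auditor = NoteAuditor()
    auditor.feed(note)
    auditor.close()
    return auditor.findings

def audit_products(notes_by_id):
    """Return {product_id: findings} for every note that contains unsafe raw HTML."""
    return {pid: f for pid, note in notes_by_id.items() if (f := audit_note(note))}

if __name__ == "__main__":
    print(audit_products(SAMPLE_NOTES))
```

The audit only reports; it does not replace sanitizing the rendered output. Markdown constructs that use angle brackets, such as autolinks, may also be reported and need manual review.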