kivitendo/kivitendo-erp

Releases126

Frequency1 month 2 weeks

Last Release 7 months ago

Stars117

Web-based ERP system for the German market

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-66370 ↗	Nov 28, 2025Friday, 28 November 2025, 04:16	5 MEDIUM	—
Kivitendo before 3.9.2 allows XXE injection. By uploading an electronic invoice in the ZUGFeRD format, it is possible to read and exfiltrate files from the server's filesystem.