LedgerSMB is a free web-based double-entry bookkeeping system with quoting, ordering, invoicing, projects, time cards, inventory management, shipping, etc. A cross-site scripting vulnerability exists in LedgerSMB. It stems from the application's failure to adequately HTML-encode error messages sent to browsers, and could be exploited by an attacker who sends a specially crafted URL to an authenticated user. The vulnerability can be exploited for remote code execution and information disclosure.
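The root cause described above is an error message that echoes request data into the page without HTML encoding. The following added example (not LedgerSMB's code; the `account` parameter, the host name and the sample input are constructed for illustration) shows the vulnerable rendering pattern beside its hardened form, including the attribute context where quotes must also be encoded, and a helper that builds the error message from a URL's query string the way a reflected error page would:

```python
import html
from urllib.parse import parse_qs, urlsplit


def render_error_unsafe(message: str) -> str:
    """Vulnerable pattern: the message is interpolated into HTML verbatim,
    so any markup it carries is interpreted by the browser."""
    return f'<p class="error">Error: {message}</p>'


def render_error_safe(message: str) -> str:
    """Hardened pattern: HTML-encode the message so it renders as text.
    html.escape converts & < > and, with quote=True, also " and '."""
    return f'<p class="error">Error: {html.escape(message, quote=True)}</p>'


def render_field_safe(value: str) -> str:
    """Attribute context: quote=True is what stops a '"' in the value from
    closing the attribute and introducing new event-handler attributes."""
    return f'<input name="account" value="{html.escape(value, quote=True)}">'


def error_from_url(url: str) -> str:
    """Simulates an error page that reflects a query parameter (hypothetical
    parameter name 'account') back to the user, using the safe renderer."""
    params = parse_qs(urlsplit(url).query)
    account = params.get("account", [""])[0]
    return render_error_safe(f"Account {account} not found")


# Constructed sample input: markup that a crafted URL could carry into
# the reflected error message.
SAMPLE_INPUT = "<b>x</b>"

if __name__ == "__main__":
    print("unsafe:", render_error_unsafe(SAMPLE_INPUT))
    print("safe:  ", render_error_safe(SAMPLE_INPUT))
    print("field: ", render_field_safe('a" onfocus="x'))
    print("url:   ", error_from_url(
        "https://ledgersmb.example/login.pl?account=%3Cb%3Ex%3C/b%3E"))
```

Encoding at the point of output, as in `render_error_safe`, is the fix the advisory implies; a template engine that escapes by default achieves the same thing without relying on each call site remembering to do it.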