Simple Invoice 2011 Cross Site Scripting

2015-05-20T00:00:00
ID PACKETSTORM:131990
Type packetstorm
Reporter Provensec
Modified 2015-05-20T00:00:00

Description

`# Affected software: Simple Invoice
# Type of vulnerability: stored XSS
# URL: simpleinvoices.org
# Discovered by: Provensec
# Website: provensec.com

# Version: 2011
# Proof of concept
Go to
http://demo.simpleinvoices.org/index.php?module=payment_types&view=manage

Add a new payment type or edit an existing one, fill the description field with
an XSS payload, and save it; the JavaScript will execute.

`
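
A stored value such as the payment type description has to be HTML-encoded when it is written into the page. The PHP below is an added example, not code from Simple Invoice or from the advisory; the row layout, function names and sample descriptions are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical rendering code, not taken from Simple Invoice.

// Constructed rows standing in for stored payment types. Rows 2 and 3 hold
// markup and a quote character, as a stored-XSS test value would.
$paymentTypes = [
    ['id' => 1, 'description' => 'Cash'],
    ['id' => 2, 'description' => '<script>alert(1)</script>'],
    ['id' => 3, 'description' => 'Cheque " onmouseover="alert(1)'],
];

// Encode for HTML element content and quoted attribute values.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable form: the stored text is concatenated into the page as-is.
function renderRowUnsafe(array $row): string
{
    return '<tr><td>' . $row['id'] . '</td><td title="' . $row['description']
        . '">' . $row['description'] . "</td></tr>\n";
}

// Hardened form: every stored value is encoded at output time.
function renderRowSafe(array $row): string
{
    $desc = h($row['description']);
    return '<tr><td>' . (int) $row['id'] . '</td><td title="' . $desc
        . '">' . $desc . "</td></tr>\n";
}

foreach ($paymentTypes as $row) {
    $raw = $row['description'];
    // If encoding changes the value, the raw form contains characters that
    // would alter the page structure when echoed without encoding.
    $needsEncoding = ($raw !== h($raw));
    printf(
        "id=%d needs_encoding=%s\n  unsafe: %s  safe:   %s",
        $row['id'],
        $needsEncoding ? 'yes' : 'no',
        renderRowUnsafe($row),
        renderRowSafe($row)
    );
}
```

Encoding at output, rather than filtering at input, also covers descriptions that were saved before the fix was deployed.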