CVE-2025-64030
Eximbills Enterprise 4.1.5 (built 2020-10-30) is vulnerable to authenticated stored cross-site scripting (CWE-79) via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized input in the TMPL_INFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript exec...