CVE-2019-16282

CVE-2019-16282 affects NCH Express Invoice v7.12. The vulnerability is a persistent cross-site scripting (XSS) flaw exploitable via the Invoices/Items/Customers/Quotes input fields. An authenticated unprivileged user can modify parameters in these fields to inject arbitrary JavaScript. The issue ...