Simple Invoice version 2011 suffers from a persistent cross-site scripting vulnerability.
b7e6887a45c5931cb176e53c1412937e536b0e740967f6ff17918aae0d32a09a
# Affected software: Simple Invoice
# Type of vulnerability: stored XSS
# URL: simpleinvoices.org
# Discovered by: provensec
# Website: provensec.com
# Version: 2011
# Proof of concept
Go to
http://demo.simpleinvoices.org/index.php?module=payment_types&view=manage
Add a new payment type or edit an existing one, fill the description field with an
XSS payload, and save it. The JavaScript will execute.
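
A stored value that executes when the manage view loads means the description is written into the page without output encoding. The following is an added example, not Simple Invoice source code: it contrasts an unencoded row renderer with one that encodes the description at output time. The function names, field names and table layout are hypothetical.

```php
<?php
// Added example; not Simple Invoice source code. Function names, field names
// and the table layout are hypothetical.

// Constructed sample rows standing in for stored payment types. The
// descriptions hold inert markup and quote characters, nothing executable.
$rows = [
    ['id' => 1, 'description' => 'Cash'],
    ['id' => 2, 'description' => '<i>Wire</i> transfer'],
    ['id' => 3, 'description' => 'Card "corporate" & \'personal\''],
];

// Encode a stored value for an HTML element body or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the stored description is concatenated into the page as-is, so the
// browser parses whatever markup a user saved.
function render_row_unescaped(array $row): string
{
    return '<tr><td>' . (int) $row['id'] . '</td>'
         . '<td title="' . $row['description'] . '">' . $row['description'] . '</td></tr>';
}

// After: the same row with the description encoded at output time.
function render_row_escaped(array $row): string
{
    $d = h($row['description']);
    return '<tr><td>' . (int) $row['id'] . '</td>'
         . '<td title="' . $d . '">' . $d . '</td></tr>';
}

// Regression check: true when an encoded value can neither open a tag nor
// close the quoted attribute it is placed in.
function is_inert(string $encoded): bool
{
    return strpbrk($encoded, '<>"\'') === false;
}

foreach ($rows as $row) {
    echo render_row_unescaped($row), "\n";
    echo render_row_escaped($row), "\n";
    echo is_inert(h($row['description'])) ? "ok\n" : "FAIL\n";
}
```

Encoding at output time also neutralises descriptions that were saved before the fix, which input filtering alone would not.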