Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
Jul 3rd 2021
stored xss via client comment
🕵️♂️ Proof of Concept
1. First goto
http://localhost/online-invoice3/app/clients_view.php and create a new client .
During creation put bellow xss payload in comment section and save it .
xss"'><img src=x onerror=alert()>
2. Now any user open this client then xss is executed .