Cross-site Scripting (XSS) - Reflected in yetiforcecompany/yetiforcecrm
Valid
Dec 10th 2021
The application is vulnerable to a reflected cross-site scripting attack on invoice creation.
Proof of Concept
Step 1: Log in to the application at https://gitstable.yetiforce.com/index.php
Step 2: Navigate to Quick Create -> Cost Invoice
Step 3: Click on Source, enter the XSS payload in Description, and observe the pop-up.