Advisory Name: Multiple Permanent Cross-site Scripting in Phreebooks v2.0
Internal Cybsec Advisory Id:
Vulnerability Class: Permanent Cross-site Scripting
Release Date: 2010-05-26
Affected Applications: Phreebooks v2.0
Affected Platforms: Any running Phreebooks v2.0
Local / Remote: Remote
Severity: Medium – CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Researcher: Gustavo Sorondo
Vendor Status: N/A
Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf

Vulnerability Description:
Multiple permanent Cross-site Scripting vulnerabilities were found in Phreebooks v2.0, because the application fails to sanitize user-supplied input. The vulnerability can be triggered by any logged-in user who is able to add or modify Vendors, Customers, Employees or Inventory items.

Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/13776.pdf (cybsec_advisory_2010_0603_Phreebooks_v2_0_Multiple_Permanent_Cross_site_Scripting.pdf)