# Affected software: Simple Invoices
# Type of vulnerability: stored XSS
# URL:simpleinvoices.org
# Discovered by: provensec
# Website: provensec.com

# Version: 2011
# Proof of concept
Go to
http://demo.simpleinvoices.org/index.php?module=payment_types&view=manage

Add a new payment type or edit an existing one, fill the description field
with an XSS payload, and save it. The JavaScript will execute.
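
The description is stored and later written into the page without output encoding, so the mitigation is to HTML-encode it when it is rendered. The following PHP is an added example, not Simple Invoices code or part of the original advisory; the function names, row layout and sample rows are assumptions.

```php
<?php
// Added example, not Simple Invoices code. Row layout, function names and
// the sample rows are assumptions made for illustration.

// Constructed sample rows standing in for stored payment types.
$paymentTypes = [
    ['id' => 1, 'description' => 'Cash'],
    ['id' => 2, 'description' => 'Cheque <b>marker</b> & "quoted"'], // benign markup marker
];

// Unsafe pattern: stored text is concatenated into HTML as-is, so any markup
// saved in the description is parsed by the browser of whoever opens the page.
function renderRowUnsafe(array $row): string
{
    return '<tr><td>' . $row['id'] . '</td><td>' . $row['description'] . "</td></tr>\n";
}

// Hardened pattern: encode for the HTML context at output time.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderRowSafe(array $row): string
{
    return '<tr><td>' . (int) $row['id'] . '</td><td>' . e($row['description']) . "</td></tr>\n";
}

// Audit helper: flag rows already stored with HTML metacharacters so they can
// be reviewed once output encoding is in place.
function findSuspectRows(array $rows): array
{
    return array_values(array_filter($rows, function (array $row): bool {
        return preg_match('/[<>"\']/', $row['description']) === 1;
    }));
}

foreach ($paymentTypes as $row) {
    echo 'unsafe: ' . renderRowUnsafe($row);
    echo 'safe:   ' . renderRowSafe($row);
}
foreach (findSuspectRows($paymentTypes) as $row) {
    echo "review stored row id={$row['id']}\n";
}
```

Encoding at output time also neutralises descriptions that were saved before the fix, which input filtering alone would not.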