CVE-2023-25439

Name of the Vulnerable Software and Affected Versions Square Pig FusionInvoice version 2023-1.0

Description A Stored Cross Site Scripting (XSS) issue allows attackers to execute arbitrary code via the description or content fields in expenses, tasks, and customer details. This enables malicious activities by injecting scripts into these fields.

Recommendations For Square Pig FusionInvoice version 2023-1.0, consider disabling the editing of description and content fields in expenses, tasks, and customer details until a patch is available. Restrict access to these fields to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.