phpMoneyBooks is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker can exploit these issues to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials. Other attacks are also possible.
phpMoneyBooks 1.0.3 is vulnerable; other versions may also be affected.
Proof of Concept and Security Exploits
Attackers can use a browser to exploit these issues.
Solution: Updates are available. Please see the references for more information.