The application is vulnerable to a reflected cross-site scripting (XSS) attack on Create Invoice.
Step 1: Log in to the application at https://gitstable.yetiforce.com/index.php
Step 2: Navigate to Quick Create -> Cost Invoice
Step 3: Click on Source, enter the XSS payload in Description, and observe the pop-up.
Video POC