Cross-site scripting (XSS) vulnerability in KBKP Software HostBill before 2013-12-14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
https://exchange.xforce.ibmcloud.com/vulnerabilities/89750
http://secunia.com/advisories/56124
http://hostbillapp.com/changelog
http://extras.hostbillapp.com/security-advisory-hostbill-version-2013-12-14/