We’ve just released a security update for HostBill in response to a potentially dangerous XSS vulnerability.
Applying update
To apply the security update, please download the latest release and update HostBill to the 2013-12-14 version.
You can also use our auto-upgrade plugin to perform this automatically.
Upgrading to new version: http://wiki.hostbillapp.com/index.php?title=Upgrading_to_new_version
Using auto upgrade plugin: http://wiki.hostbillapp.com/index.php?title=Auto-Upgrade_plugin
We believe that this vulnerability is not known to the public; its severity depends on adminarea protection.
KBKP Software always encourages our clients to take extra steps for protection:
http://wiki.hostbillapp.com/index.php?title=Additional_security_steps
Big thanks to team Rack911 (https://www.rack911.com/) for identifying and reporting this problem.