Security
- Unauthorized access to company [Critical Severity]
- HTML code injection leads to XSS via avatar [High Severity]
- Stored XSS in Sales > Invoices [High Severity]
- PHP code execution from price field [Low Severity]
- DoS by manipulating the locale variable [Low Severity]
- Password reset link modifiable [Low Severity]
- Code execution from price field [Low Severity]