From 02fccaf43f1c13ffbc0ff718a5ab179440c43259 Mon Sep 17 00:00:00 2001
From: jekkos <jekkos@users.noreply.github.com>
Date: Fri, 13 Mar 2026 16:09:04 +0000
Subject: [PATCH] Fix XSS vulnerability in tax invoice view (#4432)

Co-authored-by: Ollama <ollama@steganos.dev>
---
 app/Views/sales/tax_invoice.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Views/sales/tax_invoice.php b/app/Views/sales/tax_invoice.php
index fddcc6d3f..eb73a8304 100644
--- a/app/Views/sales/tax_invoice.php
+++ b/app/Views/sales/tax_invoice.php
@@ -139,7 +139,7 @@ if (isset($error_message)) {
             if ($item['print_option'] == PRINT_YES) {    // TODO: === ?
         ?>
                 <tr class="item-row">
-                    <td><?= $item['item_number'] ?></td>
+                    <td><?= esc($item['item_number']) ?></td>
                     <?php if ($include_hsn): ?>
                         <td style="text-align: center;"><?= esc($item['hsn_code']) ?></td>
                     <?php endif; ?>