From b6a90f788036f5bfd43fd630a772dcbf9ea0fd1f Mon Sep 17 00:00:00 2001
From: jekkos
Date: Tue, 3 Mar 2026 22:37:08 +0100
Subject: [PATCH] Fix XSS vulnerability in register (#3965)
---
 app/Views/sales/register.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/Views/sales/register.php b/app/Views/sales/register.php
index d6c65deeb..298a4a7ea 100644
--- a/app/Views/sales/register.php
+++ b/app/Views/sales/register.php
@@ -252,7 +252,7 @@ helper('url');
 echo form_input(['name' => 'description', 'class' => 'form-control input-sm', 'value' => $item['description'], 'onClick' => 'this.select();']);
 } else {
 if ($item['description'] != '') {
- echo $item['description'];
+ echo esc($item['description']);
 echo form_hidden('description', $item['description']);
 } else {
 echo lang(ucfirst($controller_name) . '.no_description');
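Review bot: The same raw `$item['description']` is still passed as a `value` to `form_input` (first context line) and to `form_hidden` (the line after the change), so those two outputs stay safe only if the form helper escapes attribute values itself; CodeIgniter 4's helper is expected to, but that is worth confirming for the framework version pinned here rather than assumed. Wrapping them in `esc()` as well is not the answer if the helper already escapes, since the value would then be double-encoded. A short comment on the new line, e.g. `// user-entered text: escape for HTML body context`, and a view test asserting that a description containing markup renders entity-encoded would keep this sink from regressing. The enclosing block starts and ends outside the hunk, so other direct `echo` outputs of item fields in this view could not be checked from here.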