NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module.
nchsoftware express invoice