Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an malicious user to execute arbitrary code via a crafted payload to the Address parameter in the add_invoices.php component.