204 matches found
EUVD-2022-5372
Malicious code in bioql PyPI...
EUVD-2022-2709
Malicious code in bioql PyPI...
CVE-2022-1988
Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09...
CVE-2022-2016
Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1...
CVE-2022-1457
Stored XSS in title parameter executing at EditUser page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the...
CVE-2022-1514
Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine...
CVE-2022-1715
Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07...
CVE-2022-1571
Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be used to execute arbitrary JavaScript code to steal the user's cookie, perform HTTP requests, get the content of same-origin pages, etc...
CVE-2022-2065
Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06...
CVE-2022-2066
Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.06...
Stored XSS in EditEstadoDocumento
Description: In facturascripts/EditEstadoDocumento, the Icon field can be injected with an XSS payload. Proof of Concept: // PoC.js POST /facturascripts/EditEstadoDocumento?code=27&action=save-ok HTTP/1.1 Host: 127.0.0.1 Content-Length: 1224 Cache-Control: max-age=0 sec-ch-ua:...
FacturaScripts Cross-Site Scripting Vulnerability
FacturaScripts is an ERP software. A cross-site scripting vulnerability exists in FacturaScripts versions prior to 2022.06, which can be exploited by an attacker to execute JavaScript code on the client side...
FacturaScripts Cross-Site Scripting Vulnerability (CNVD-2022-59043)
FacturaScripts is an ERP software. A cross-site scripting vulnerability exists in facturascripts versions prior to 2022.06, which stems from a lack of filename validation, and can be exploited by an attacker to upload an SVG file resulting in a cross-site scripting attack...
Cross-site Scripting (XSS)
facturascripts/facturascripts is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of the username field, allowing an attacker to input a maliciously crafted script via the username field when showing the 'login-user-not-found' message...
GHSA-H6WM-MR85-4H9G Cross site scripting in facturascripts
A Cross-site Scripting (XSS) vulnerability exists in the fsNick parameter in facturascripts prior to version 2022.06...
GHSA-FP76-F299-V3HJ Cross-site Scripting in FacturaScripts
Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06...
Cross-site Scripting in FacturaScripts
Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06...
Cross site scripting in facturascripts
A Cross-site Scripting (XSS) vulnerability exists in the fsNick parameter in facturascripts prior to version 2022.06...