204 matches found

Veracode
added 2022/06/06 4:4 a.m. | 22 views

Cross-site Scripting (XSS)

facturascripts/facturascripts is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the descripcion parameter in the test function of Cuenta.php, allowing an attacker to inject and execute malicious taint data...

CVSS 6.1 | AI score 6 | EPSS 0.00735
Exploits: 1 | References: 4 | Affected Software: 1

Huntr
added 2022/06/04 1:3 p.m. | 37 views

Cross-site scripting - Reflected XSS caused by error logs in neorazorx/facturascripts

Description: There are two fields that can insert the XSS payload by the error log.
1. http://127.0.0.1/facturascripts/EditBalance, the codbalance field
2. http://127.0.0.1/facturascripts/EditSettings, the tipoidfiscal field in Fiscal Id
Both fields require 1 and 25 numbers or letters, no spaces,...

CVSS 3.5 | AI score 0.3 | EPSS 0.00628
Exploits: 1

Github Security Blog
added 2022/06/04 12:0 a.m. | 16 views

Cross-site Scripting in FacturaScripts

FacturaScripts 2022.08 and prior is vulnerable to cross-site scripting. A patch is available on the master branch of the repository and anticipated to be part of version 2022.09...

CVSS 6.5 | AI score 2.2 | EPSS 0.00735
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2022/06/04 12:0 a.m. | 27 views

GHSA-R7JW-MG27-J839 Cross-site Scripting in FacturaScripts

FacturaScripts 2022.08 and prior is vulnerable to cross-site scripting. A patch is available on the master branch of the repository and anticipated to be part of version 2022.09...

CVSS 6.5 | AI score 5.9 | EPSS 0.00735
Exploits: 1 | References: 4

ATTACKERKB
added 2022/06/03 8:15 a.m. | 3 views

CVE-2022-1988

Cross-site Scripting XSS - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09...

CVSS 6.5 | AI score 6.5 | EPSS 0.00735
Exploits: 1 | References: 3

NVD
added 2022/06/03 8:15 a.m. | 12 views

CVE-2022-1988

Cross-site Scripting XSS - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09...

CVSS 6.5 | EPSS 0.00735
Exploits: 1 | References: 2

Prion
added 2022/06/03 8:15 a.m. | 14 views

Cross site scripting

Cross-site Scripting XSS - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09...

CVSS 4.3 | AI score 6 | EPSS 0.00735
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2022/06/03 8:5 a.m. | 20 views

CVE-2022-1988 Cross-site Scripting (XSS) - Generic in neorazorx/facturascripts

Cross-site Scripting XSS - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09...

CVSS 6.5 | AI score 6.2 | EPSS 0.00735
Exploits: 1 | References: 2

OSV
added 2022/06/03 8:5 a.m. | 21 views

CVE-2022-1988 Cross-site Scripting (XSS) - Generic in neorazorx/facturascripts

Cross-site Scripting XSS - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09...

CVSS 6.5 | AI score 6.7 | EPSS 0.00735
Exploits: 1 | References: 4

CVE
added 2022/06/03 8:5 a.m. | 98 views

CVE-2022-1988

Summary: CVE-2022-1988 is a Cross-site Scripting (XSS) vulnerability in the open‑source ERP project FacturaScripts (GitHub: neorazorx/facturascripts), affecting versions prior to 2022.09. Root cause: lack of sanitization in input handling for the descripcion parameter in Cuenta.php, enabling inje...

CVSS 6.5 | AI score 6 | EPSS 0.00735
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2022/06/03 12:0 a.m. | 3 views

FacturaScripts cross-site scripting vulnerability

FacturaScripts is an open source ERP software from the individual developer Carlos Garcia in Spain. A security vulnerability exists in FacturaScripts versions prior to 2022.09, which stems from a cross-site scripting XSS vulnerability in the GitHub repository neorazorx/facturascripts storage...

CVSS 6.5 | AI score 6.1 | EPSS 0.00735
Exploits: 1 | References: 3

Huntr
added 2022/05/30 6:54 a.m. | 30 views

Reflected XSS in neorazorx/facturascripts

Description: /facturascripts/EditCuenta can input the taint data without sanitization by the parameter description
Proof of Concept:
POST /facturascripts/EditCuenta HTTP/1.1
Host: 127.0.0.1
Content-Length: 1115
Cache-Control: max-age=0
sec-ch-ua: "NotA:Brand";v="8", "Chromium";v="101"...

CVSS 4.3 | AI score 0.7 | EPSS 0.00735
Exploits: 1

Huntr
added 2022/05/18 4:44 a.m. | 6 views

Stored XSS

Description: Stored XSS in ListAgenciaTransporte module in facturascripts is triggered when clicking the scrolling middle mouse button.
Proof of Concept:
1. Create a new non-admin account
2. Log in and go to http://localhost/invoices/EditAgenciaTransporte
3. Add new user with website link to...

AI score 6.1
Exploits: 0 | References: 1

Veracode
added 2022/05/17 10:5 a.m. | 19 views

Privilege Escalation

facturascripts/facturascripts is vulnerable to privilege escalation. The vulnerability exists in the newUserPassword function in AppController.php due to a lack of validation in the password field which allows an unauthorized user to access the user account...

CVSS 9.8 | AI score 8.9 | EPSS 0.01329
Exploits: 1 | References: 5 | Affected Software: 1

CNVD
added 2022/05/16 12:0 a.m. | 14 views

FacturaScripts Cross-Site Scripting Vulnerability CNVD-2022-77854

FacturaScripts is an ERP software. FacturaScripts versions prior to 2022.07 contain a cross-site scripting vulnerability that could be exploited by attackers to steal a user's cookie, which could lead to account takeover or any malicious activity in the victim's browser...

CVSS 4.3 | AI score 4 | EPSS 0.00709
Exploits: 1 | Affected Software: 1

OSV
added 2022/05/14 12:1 a.m. | 29 views

GHSA-VJQ3-X3F2-FVXQ Account takeover in facturascripts

Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.08 due to improper type casting...

CVSS 9.8 | AI score 9.5 | EPSS 0.01329
Exploits: 1 | References: 4

Github Security Blog
added 2022/05/14 12:1 a.m. | 27 views

Account takeover in facturascripts

Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.08 due to improper type casting...

CVSS 9.8 | AI score 2.2 | EPSS 0.01329
Exploits: 1 | References: 4 | Affected Software: 1

ATTACKERKB
added 2022/05/13 5:15 p.m. | 3 views

CVE-2022-1715

Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07...

CVSS 9.8 | AI score 5.8 | EPSS 0.01329
Exploits: 1 | References: 3

NVD
added 2022/05/13 5:15 p.m. | 14 views

CVE-2022-1715

Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07...

CVSS 9.8 | EPSS 0.01329
Exploits: 1 | References: 2

OSV
added 2022/05/13 5:10 p.m. | 27 views

CVE-2022-1715 Account Takeover in neorazorx/facturascripts

Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07...

CVSS 9.8 | AI score 9.4 | EPSS 0.01329
Exploits: 1 | References: 4