CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2022/05/13 5:10 p.m.•27 views

CVE-2022-1715 Account Takeover in neorazorx/facturascripts

Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07...

9.8CVSS9.4AI score0.01329EPSS

Veracode•added 2022/05/13 4:31 a.m.•20 views

Cross-site Scripting (XSS)

facturascripts/facturascripts is vulnerable to reflected cross-site scripting. The vulnerability exists in the privateCore function of EditPageOption.php' due to the lack of sanitization which allows an attacker to inject and execute malicious javascript...

6.1CVSS2.4AI score0.00709EPSS

Exploits1References5Affected Software1

Github Security Blog•added 2022/05/13 12:1 a.m.•21 views

Cross-site Scripting in facturascripts

Reflected cross-site scripting using url based payload in GitHub repository neorazorx/facturascripts prior to 2022.08. This can lead to theft of a user's cookies, which in turn could lead to account takeover or do other malicious activities in a victim's browser...

9.4CVSS2.4AI score0.00709EPSS

Exploits1References4Affected Software1

OSV•added 2022/05/13 12:1 a.m.•21 views

GHSA-6465-R752-2H8V Cross-site Scripting in facturascripts

6.1CVSS6AI score0.00709EPSS

CNNVD•added 2022/05/13 12:0 a.m.•2 views

FacturaScripts 安全漏洞

FacturaScripts is an open source ERP software from Carlos Garcia, an individual developer in Spain. A security vulnerability exists in FacturaScripts versions prior to 2022.07 that stems from an account takeover issue...

9.8CVSS8.2AI score0.01329EPSS

Positive Technologies•added 2022/05/13 12:0 a.m.•2 views

PT-2022-14067 · Unknown · Neorazorx/Facturascripts

Name of the Vulnerable Software and Affected Versions: neorazorx/facturascripts versions prior to 2022.07 Description: The issue is related to an Account Takeover in the GitHub repository neorazorx/facturascripts. It is caused by improper type casting. Recommendations: For versions prior to...

9.8CVSS9.4AI score0.01329EPSS

Exploits1References7

ATTACKERKB•added 2022/05/12 9:15 a.m.•3 views

CVE-2022-1682

Reflected Xss using url based payload in GitHub repository neorazorx/facturascripts prior to 2022.07. Xss can use to steal user's cookies which lead to Account takeover or do any malicious activity in victim's browser...

9.4CVSS6.9AI score0.00709EPSS

NVD•added 2022/05/12 9:15 a.m.•31 views

CVE-2022-1682

9.4CVSS0.00709EPSS

CVE•added 2022/05/12 8:15 a.m.•96 views

CVE-2022-1682

The CVE-2022-1682 entry describes a reflected cross-site scripting (XSS) vulnerability in FacturaScripts (neorazorx/facturascripts) prior to version 2022.07. The root cause is reflected XSS via URL-based payloads, allowing an attacker to steal cookies and potentially take over user accounts or pe...

9.4CVSS6.5AI score0.00709EPSS

Exploits1References2Affected Software1

Cvelist•added 2022/05/12 8:15 a.m.•31 views

CVE-2022-1682 Reflected Xss using url based payload in neorazorx/facturascripts

9.4CVSS6.5AI score0.00709EPSS

OSV•added 2022/05/12 8:15 a.m.•17 views

CVE-2022-1682 Reflected Xss using url based payload in neorazorx/facturascripts

9.4CVSS8AI score0.00709EPSS

CNNVD•added 2022/05/12 12:0 a.m.•4 views

FacturaScripts 跨站脚本漏洞

FacturaScripts is an ERP software. FacturaScripts versions prior to 2022.07 contain a cross-site scripting vulnerability that could be exploited by attackers to steal a user's cookie, which could lead to account takeover or any malicious activity in the victim's browser...

9.4CVSS7.2AI score0.00709EPSS

CNVD•added 2022/05/09 12:0 a.m.•20 views

FacturaScripts Cross-Site Scripting Vulnerability (CNVD-2022-76230)

FacturaScripts is an ERP software. cross-site scripting vulnerability exists in versions prior to FacturaScripts 2022.07, which can be exploited by attackers to execute arbitrary javascript code, steal user cookies, execute HTTP requests, obtain "same-origin " page content, etc...

4.3CVSS2.5AI score0.00814EPSS

Exploits1Affected Software1

Veracode•added 2022/05/05 11:47 a.m.•17 views

Cross-site Scripting (XSS)

facturascripts is vulnerable to cross-site scripting. An attacker is able to inject malicious code via model fields, allowing stealing of user's cookie, performing HTTP request and getting content of same origin page, and so on...

6.1CVSS1.8AI score0.00814EPSS

Exploits1References2Affected Software1

OSV•added 2022/05/05 12:0 a.m.•16 views

GHSA-M8GV-GVHF-7RHP Cross-site Scripting in FacturaScripts

FacturaScripts versions 2022.06 and prior are vulnerable to reflected cross-site scripting attacks. This vulnerability can use arbitrarily executed javascript code to steal users' cookies, perform HTTP request, get content of same origin page, etc. A fix is available on the master branch of the...

6.1CVSS6AI score0.00814EPSS

Github Security Blog•added 2022/05/05 12:0 a.m.•22 views

Cross-site Scripting in FacturaScripts

9.9CVSS1.4AI score0.00814EPSS

Exploits1References4Affected Software1

ATTACKERKB•added 2022/05/04 11:15 a.m.•3 views

CVE-2022-1571

Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be arbitrarily executed javascript code to steal user'cookie, perform HTTP request, get content of same origin page, etc...

9.9CVSS6.9AI score0.00814EPSS

NVD•added 2022/05/04 11:15 a.m.•26 views

CVE-2022-1571

9.9CVSS0.00814EPSS