204 matches found

Cvelist
added 2022/05/04 10:20 a.m., 27 views

CVE-2022-1571 Cross-site scripting - Reflected in Create Subaccount in neorazorx/facturascripts

Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability allows arbitrary JavaScript code to be executed to steal the user's cookie, perform HTTP requests, get the content of same-origin pages, etc...

CVSS 9.9, AI score 6.4, EPSS 0.00814
Exploits: 1, References: 2

OSV
added 2022/05/04 10:20 a.m., 24 views

CVE-2022-1571 Cross-site scripting - Reflected in Create Subaccount in neorazorx/facturascripts

Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability allows arbitrary JavaScript code to be executed to steal the user's cookie, perform HTTP requests, get the content of same-origin pages, etc...

CVSS 9.9, AI score 7.8, EPSS 0.00814
Exploits: 1, References: 4

CNNVD
added 2022/05/04 12:00 a.m., 3 views

FacturaScripts cross-site scripting vulnerability

FacturaScripts is an ERP software. A cross-site scripting vulnerability exists in versions prior to FacturaScripts 2022.07, which can be exploited by attackers to execute arbitrary JavaScript code, steal user cookies, execute HTTP requests, obtain "same-origin" page content, etc...

CVSS 9.9, AI score 7.6, EPSS 0.00814
Exploits: 1, References: 3

Veracode
added 2022/04/29 4:16 a.m., 15 views

Cross-site Scripting (XSS)

facturascripts/facturascripts is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the ini parameter in the getPluginInfo function of PluginManager.php, allowing an attacker to inject and execute malicious javascript...

CVSS 5.4, AI score 2.1, EPSS 0.00717
Exploits: 1, References: 4, Affected Software: 1

Github Security Blog
added 2022/04/29 12:00 a.m., 18 views

Cross site scripting in FacturaScripts

FacturaScripts prior to version 2022.06 is vulnerable to stored cross-site scripting via upload plugin functionality in zip format...

CVSS 9, AI score 2.9, EPSS 0.00717
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2022/04/29 12:00 a.m., 17 views

GHSA-P3W3-4PPM-C3F6 Cross site scripting in FacturaScripts

FacturaScripts prior to version 2022.06 is vulnerable to stored cross-site scripting via upload plugin functionality in zip format...

CVSS 9, AI score 5.1, EPSS 0.00717
Exploits: 1, References: 4

ATTACKERKB
added 2022/04/28 4:15 p.m., 3 views

CVE-2022-1514

Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine...

CVSS 9, AI score 5.5, EPSS 0.00717
Exploits: 1, References: 3

NVD
added 2022/04/28 4:15 p.m., 20 views

CVE-2022-1514

Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine...

CVSS 9, EPSS 0.00717
Exploits: 1, References: 2

Prion
added 2022/04/28 4:15 p.m., 18 views

Cross site scripting

Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine...

CVSS 3.5, AI score 5.3, EPSS 0.00717
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2022/04/28 3:50 p.m., 78 views

CVE-2022-1514

CVE-2022-1514 refers to a stored XSS vulnerability in FacturaScripts prior to 2022.06, triggered via the upload plugin functionality when handling ZIP-format plugins. The issue arises from unsanitized input in the plugin loading path (notably the PluginManager.php ini parameter per Veracode descr...

CVSS 9, AI score 5.8, EPSS 0.00717
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2022/04/28 3:50 p.m., 25 views

CVE-2022-1514 Stored XSS via upload plugin functionality in zip format in neorazorx/facturascripts

Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine...

CVSS 9, AI score 5.6, EPSS 0.00717
Exploits: 1, References: 2

Huntr
added 2022/04/28 9:10 a.m., 13 views

Improper Access Control (IDOR)

Description: Improper Access Control (IDOR) could leak admin information. Proof of Concept: 1. Log in as admin, edit a role to give permission to show user information, and save. 2. Log in as a user with that role and go to the URL http://my.facturascripts.site/EditUser?code=admin&action=export&option=PDF - Can se...

Exploits: 0

CNNVD
added 2022/04/28 12:00 a.m., 3 views

FacturaScripts cross-site scripting vulnerability

FacturaScripts is an open source ERP software by Carlos Garcia, an individual developer in Spain. A security vulnerability exists in FacturaScripts that originates from storing XSS in zip format in the GitHub repository neorazorx/facturascripts via the upload plugin feature. An attacker could...

CVSS 9, AI score 7.3, EPSS 0.00717
Exploits: 1, References: 3

Huntr
added 2022/04/27 7:52 a.m., 17 views

Reflected XSS in facturascripts

Description facturascripts is vulnerable to XSS in fsNick parameter Proof of Concept save this code as poc.html history.pushState'', '', '/' document.forms0.submit; open file with your browser - xss trigger...

CVSS 4.3, AI score 2.5, EPSS 0.00886
Exploits: 1

Veracode
added 2022/04/26 4:35 a.m., 25 views

Cross-Site Scripting (XSS)

facturascripts/facturascripts is vulnerable to stored cross-site scripting. The vulnerability exists in EditPageOption.php due to improper sanitization which allows an attacker to inject and execute arbitrary scripts...

CVSS 5.4, AI score 3, EPSS 0.00703
Exploits: 1, References: 5, Affected Software: 1

Github Security Blog
added 2022/04/26 12:00 a.m., 27 views

Cross site scripting in facturascripts

facturascripts is an open source ERP software. Stored XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can...

CVSS 9, AI score 3.7, EPSS 0.00703
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2022/04/26 12:00 a.m., 22 views

GHSA-8WP2-VXPG-XCVP Cross site scripting in facturascripts

facturascripts is an open source ERP software. Stored XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can...

CVSS 9, AI score 5.3, EPSS 0.00703
Exploits: 1, References: 4

NVD
added 2022/04/25 10:15 a.m., 18 views

CVE-2022-1457

Stored XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the...

CVSS 9, EPSS 0.00703
Exploits: 1, References: 2

CVE
added 2022/04/25 9:40 a.m., 89 views

CVE-2022-1457

CVE-2022-1457 corresponds to a stored XSS vulnerability in the FacturaScripts project neorazorx/facturascripts, affecting the title parameter on EditUser and EditProducto pages prior to 2022.04. The issue allows an attacker to inject scripts that can exfiltrate data or compromise user sessions, w...

CVSS 9, AI score 5.8, EPSS 0.00703
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2022/04/25 9:40 a.m., 26 views

CVE-2022-1457 Stored XSS in title parameter executing at EditUser Page & EditProducto page in neorazorx/facturascripts

Stored XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the...

CVSS 9, AI score 5.6, EPSS 0.00703
Exploits: 1, References: 2