FacturaScripts 跨站脚本漏洞

FacturaScripts is an open source ERP software from the individual developer Carlos Garcia in Spain. A cross-site scripting vulnerability exists in NeoRazorX FacturaScripts versions prior to 2022.04, which stems from a lack of filtering and escaping of the title parameter executed on the EditUser...

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

✍️ Description Attacker able to delete any number of Warehouse Products with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your...

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

✍️ Description Attacker able to delete any number of Accounting Reports with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your...

facturascripts.com XSS vulnerability

Open Bug Bounty ID: OBB-647725 Description| Value ---|--- Affected Website:| facturascripts.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...