3 matches found
CVE-2022-1988
Cross-site Scripting XSS - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09...
Important: golang-github-cpuguy83-md2man
Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...
CVE-2022-1988
Summary: CVE-2022-1988 is a Cross-site Scripting (XSS) vulnerability in the open‑source ERP project FacturaScripts (GitHub: neorazorx/facturascripts), affecting versions prior to 2022.09. Root cause: lack of sanitization in input handling for the descripcion parameter in Cuenta.php, enabling inje...