facturascripts is vulnerable to cross-site scripting. An attacker is able to inject malicious code via model fields, allowing stealing of user’s cookie, performing HTTP request and getting content of same origin
page, and so on.
CPE | Name | Operator | Version |
---|---|---|---|
facturascripts/facturascripts | eq | v2022.06 | |
facturascripts/facturascripts | eq | v2022.06 |