Headline
CVE-2022-1988: - Added html check on description to the unit test of the mo… · NeoRazorX/facturascripts@93fc65c
Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09.
@@ -185,12 +185,13 @@ public static function tableName(): string
public function test(): bool
{
$this->codcuenta = trim($this->codcuenta);
$this->descripcion = $this->toolBox()->utils()->noHtml($this->descripcion);
if (empty($this->codcuenta) || false === is_numeric($this->codcuenta)) {
$this->toolBox()->i18nLog()->warning('invalid-number’, [‘%number%’ => $this->codcuenta]);
return false;
}
$this->descripcion = $this->toolBox()->utils()->noHtml($this->descripcion);
if (strlen($this->descripcion) < 1 || strlen($this->descripcion) > 255) {
$this->toolBox()->i18nLog()->warning('invalid-column-lenght’, [‘%column%’ => 'descripcion’, ‘%min%’ => '1’, ‘%max%’ => ‘255’]);
return false;
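Review bot: noHtml() is applied to $this->descripcion twice in test(), once directly after the codcuenta trim and again just before the length check. The +/- markers did not survive on this page, so it is not visible which call is new; if both remain in the resulting file, keep the first one, which sanitizes the field before the early `return false` on an invalid codcuenta, and drop the second as redundant. Also, the strlen() bound of 1 to 255 runs on the value after noHtml() and counts bytes, so if noHtml() expands markup characters into longer sequences, or the description contains multibyte text, a description can fail the check sooner than its visible length suggests. A short comment stating that the limit applies to the sanitized value would help, and mb_strlen() fits better if the limit is meant in characters.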
Related news
FacturaScripts 2022.08 and prior is vulnerable to cross-site scripting. A patch is available on the `master` branch of the repository and anticipated to be part of version 2022.09.