Headline
GHSA-m8gv-gvhf-7rhp: Cross-site Scripting in FacturaScripts
FacturaScripts versions 2022.06 and prior are vulnerable to reflected cross-site scripting attacks. This vulnerability can use arbitrarily executed javascript code to steal users’ cookies, perform HTTP request, get content of same origin page, etc. A fix is available on the master branch of the GitHub repository and anticipated to be part of version 2022.07.
Cross-site Scripting in FacturaScripts
Moderate severity GitHub Reviewed Published May 5, 2022 • Updated May 24, 2022
Related news
CVE-2022-1571: Cross-site scripting - Reflected in Create Subaccount in facturascripts
Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be arbitrarily executed javascript code to steal user'cookie, perform HTTP request, get content of `same origin` page, etc ...