Описание
Cross-site Scripting in FacturaScripts
FacturaScripts versions 2022.06 and prior are vulnerable to reflected cross-site scripting attacks. This vulnerability can use arbitrarily executed javascript code to steal users' cookies, perform HTTP request, get content of same origin page, etc. A fix is available on the master branch of the GitHub repository and anticipated to be part of version 2022.07.
Пакеты
Наименование
facturascripts/facturascripts
composer
Затронутые версииВерсия исправления
<= 2022.06
2022.07
Связанные уязвимости
CVSS3: 6.1
nvd
почти 4 года назад
Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be arbitrarily executed javascript code to steal user'cookie, perform HTTP request, get content of `same origin` page, etc ...