CVE-2022-1571

Опубликовано: 04 мая 2022

Источник: nvd

CVSS3: 9.9

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be arbitrarily executed javascript code to steal user'cookie, perform HTTP request, get content of same origin page, etc ...

Ссылки

https://github.com/neorazorx/facturascripts/commit/482c5a82b4d79e7a19614f5a67dc24593046cefd
Patch
Third Party Advisory
https://huntr.dev/bounties/4578a690-73e5-4313-840c-ee15e5329741
Exploit
Patch
Third Party Advisory
https://github.com/neorazorx/facturascripts/commit/482c5a82b4d79e7a19614f5a67dc24593046cefd
Patch
Third Party Advisory
https://huntr.dev/bounties/4578a690-73e5-4313-840c-ee15e5329741
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:facturascripts:facturascripts:*:*:*:*:*:*:*:*

Версия до 2022.07 (исключая)

EPSS

Процентиль: 55%

0.00322

Низкий

9.9 Critical

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-m8gv-gvhf-7rhp

CVSS3: 6.1

github

почти 4 года назад

Cross-site Scripting in FacturaScripts

EPSS

Процентиль: 55%

0.00322

Низкий

9.9 Critical

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79