CVE-2022-1457

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-1457
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1457.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-1457
Aliases
Published
2022-04-25T10:15:09Z
Modified
2024-10-12T08:52:04.961298Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Store XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account.

References

Affected packages

Git / github.com/neorazorx/facturascripts

Affected ranges

Type
GIT
Repo
https://github.com/neorazorx/facturascripts
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2018.*

2018.03
2018.04
2018.05
2018.11

v2018.*

v2018.12
v2018.13
v2018.14
v2018.15
v2018.16

v2020.*

v2020.01
v2020.2
v2020.3
v2020.4
v2020.51
v2020.61
v2020.71
v2020.80

Other

v2021

v2021.*

v2021.1
v2021.2
v2021.4
v2021.51
v2021.71
v2021.81