9.4
CVE-2022-1682
- EPSS 0.71%
- Veröffentlicht 12.05.2022 09:15:13
- Zuletzt bearbeitet 21.11.2024 06:41:14
- Quelle security@huntr.dev
- CVE-Watchlists
- Unerledigt
LoginReflected Xss using url based payload in neorazorx/facturascripts
Reflected Xss using url based payload in GitHub repository neorazorx/facturascripts prior to 2022.07. Xss can use to steal user's cookies which lead to Account takeover or do any malicious activity in victim's browser
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Facturascripts ≫ Facturascripts Version < 2022.07
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.71% | 0.486 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
| security@huntr.dev | 9.4 | 3.9 | 5.5 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://github.com/neorazorx/facturascripts/commit/8e31d8434014a6d1e8791a489d84268fd74b0c9a
https://huntr.dev/bounties/e962d191-93e2-405e-a6af-b4a4e4d02527