neorazorx facturascripts prior 2022.07 URL cross site scripting

A vulnerability was found in neorazorx facturascripts. It has been rated as problematic. This issue affects an unknown functionality of the component URL Handler. Upgrading to version 2022.07 eliminates this vulnerability. Applying the patch 8e31d8434014a6d1e8791a489d84268fd74b0c9a also eliminates the problem. The bugfix is available for download at github.com. Upgrading to the latest version is suggested as the best possible mitigation.

| Field | 05/14/2022 03:59 PM | 05/14/2022 04:04 PM | 05/14/2022 04:10 PM |
|---|---|---|---|
| vendor | neorazorx | neorazorx | neorazorx |
| name | facturascripts | facturascripts | facturascripts |
| component | URL Handler | URL Handler | URL Handler |
| cwe | 79 (cross site scripting) | 79 (cross site scripting) | 79 (cross site scripting) |
| risk | 1 | 1 | 1 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | R | R | R |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | N | N | N |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| url | https://huntr.dev/bounties/e962d191-93e2-405e-a6af-b4a4e4d02527 | https://huntr.dev/bounties/e962d191-93e2-405e-a6af-b4a4e4d02527 | https://huntr.dev/bounties/e962d191-93e2-405e-a6af-b4a4e4d02527 |
| name | Upgrade | Upgrade | Upgrade |
| upgrade_version | 2022.07 | 2022.07 | 2022.07 |
| patch_name | 8e31d8434014a6d1e8791a489d84268fd74b0c9a | 8e31d8434014a6d1e8791a489d84268fd74b0c9a | 8e31d8434014a6d1e8791a489d84268fd74b0c9a |
| patch_url | https://github.com/neorazorx/facturascripts/commit/8e31d8434014a6d1e8791a489d84268fd74b0c9a | https://github.com/neorazorx/facturascripts/commit/8e31d8434014a6d1e8791a489d84268fd74b0c9a | https://github.com/neorazorx/facturascripts/commit/8e31d8434014a6d1e8791a489d84268fd74b0c9a |
| cve | CVE-2022-1682 | CVE-2022-1682 | CVE-2022-1682 |
| cve_assigned | 1652306400 | 1652306400 | 1652306400 |
| date | 1652306400 (05/12/2022) | 1652306400 (05/12/2022) | 1652306400 (05/12/2022) |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | N | N | N |
| cvss2_vuldb_rc | C | C | C |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_e | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 5.0 | 5.0 | 5.0 |
| cvss2_vuldb_tempscore | 4.4 | 4.4 | 4.4 |
| cvss3_vuldb_basescore | 4.3 | 4.3 | 4.3 |
| cvss3_vuldb_tempscore | 4.1 | 4.1 | 4.1 |
| cvss3_meta_basescore | 4.3 | 6.8 | 6.8 |
| cvss3_meta_tempscore | 4.1 | 6.7 | 6.7 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| identifier | 8e31d8434014a6d1e8791a489d84268fd74b0c9a | 8e31d8434014a6d1e8791a489d84268fd74b0c9a | 8e31d8434014a6d1e8791a489d84268fd74b0c9a |
| cve_nvd_summary | Reflected Xss using url based payload in GitHub repository neorazorx/facturascripts prior to 2022.07. Xss can use to steal user's cookies which lead to Account takeover or do any malicious activity in victim's browser | Reflected Xss using url based payload in GitHub repository neorazorx/facturascripts prior to 2022.07. Xss can use to steal user's cookies which lead to Account takeover or do any malicious activity in victim's browser | Reflected Xss using url based payload in GitHub repository neorazorx/facturascripts prior to 2022.07. Xss can use to steal user's cookies which lead to Account takeover or do any malicious activity in victim's browser |
| cvss3_cna_av | | N | N |
| cvss3_cna_ac | | L | L |
| cvss3_cna_pr | | N | N |
| cvss3_cna_ui | | N | N |
| cvss3_cna_s | | U | U |
| cvss3_cna_c | | H | H |
| cvss3_cna_i | | H | H |
| cvss3_cna_a | | L | L |
| cve_cna | | huntr.dev | huntr.dev |
| cvss3_cna_basescore | | 9.4 | 9.4 |
