Cross site scripting in FacturaScripts · CVE-2022-1514 · GitHub Advisory Database · GitHub

Cross site scripting in FacturaScripts

Critical severity GitHub Reviewed Published Apr 29, 2022 to the GitHub Advisory Database • Updated Jan 30, 2023

Package

facturascripts/facturascripts (Composer)

Affected versions

< 2022.06

Patched versions

2022.06

Description

FacturaScripts prior to version 2022.06 is vulnerable to stored cross-site scripting via upload plugin functionality in zip format.

References

Published by the National Vulnerability Database

Apr 28, 2022

Published to the GitHub Advisory Database Apr 29, 2022

Reviewed Apr 29, 2022

Last updated Jan 30, 2023

Severity

Critical

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

High

Privileges required

None

User interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H