Skip to main content

Facturascripts CVE-2022-1457

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2022-04-25 security@huntr.dev
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 25, 2022 - 10:15 nvd
MEDIUM 5.4

DescriptionNVD

Store XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account.

AnalysisAI

Store XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Store XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account. Affected products include: Facturascripts. Version information: prior to 2022.04..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2022-1715 CRITICAL POC
9.8 May 13

Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07. Rated critical severity (CVSS 9.8), thi

CVE-2026-25514 HIGH POC
8.8 Feb 04

FacturaScripts is open-source enterprise resource planning and accounting software. [CVSS 8.8 HIGH]

CVE-2026-25513 HIGH POC
8.8 Feb 04

Authenticated users can execute arbitrary SQL commands against FacturaScripts REST API endpoints through unsanitized sor

CVE-2026-23997 HIGH POC
8.0 Feb 02

FacturaScripts versions 2025.71 and earlier contain a stored XSS vulnerability in the Observations field that executes a

CVE-2022-2066 MEDIUM POC
6.1 Jun 13

Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.06. Rated medium seve

CVE-2022-1988 MEDIUM POC
6.1 Jun 03

Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09. Rated medium severi

CVE-2022-1682 MEDIUM POC
6.1 May 12

Reflected Xss using url based payload in GitHub repository neorazorx/facturascripts prior to 2022.07. Rated medium sever

CVE-2022-1571 MEDIUM POC
6.1 May 04

Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. Ra

CVE-2026-23476 MEDIUM POC
5.4 Feb 02

Reflected cross-site scripting in FacturaScripts prior to version 2025.8 allows authenticated attackers to inject malici

CVE-2022-2065 MEDIUM POC
5.4 Jun 13

Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06. Rated medium severit

CVE-2022-2016 MEDIUM POC
5.4 Jun 09

Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1. Rated medium sever

CVE-2022-1514 MEDIUM POC
5.4 Apr 28

Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06.

Share

CVE-2022-1457 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy