Facturascripts
CVE-2022-1715
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07.
AnalysisAI
Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-1125. Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07. Affected products include: Facturascripts. Version information: prior to 2022.07..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Facturascripts
View allFacturaScripts is open-source enterprise resource planning and accounting software. [CVSS 8.8 HIGH]
Authenticated users can execute arbitrary SQL commands against FacturaScripts REST API endpoints through unsanitized sor
FacturaScripts versions 2025.71 and earlier contain a stored XSS vulnerability in the Observations field that executes a
Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.06. Rated medium seve
Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09. Rated medium severi
Reflected Xss using url based payload in GitHub repository neorazorx/facturascripts prior to 2022.07. Rated medium sever
Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. Ra
Reflected cross-site scripting in FacturaScripts prior to version 2025.8 allows authenticated attackers to inject malici
Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06. Rated medium severit
Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1. Rated medium sever
Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06.
Store XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascript
Same weakness CWE-1125 – Excessive Attack Surface
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today