Skip to main content

Facturascripts CVE-2022-1715

CRITICAL
Excessive Attack Surface (CWE-1125)
2022-05-13 security@huntr.dev
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 13, 2022 - 17:15 nvd
CRITICAL 9.8

DescriptionNVD

Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07.

AnalysisAI

Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-1125. Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07. Affected products include: Facturascripts. Version information: prior to 2022.07..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2026-25514 HIGH POC
8.8 Feb 04

FacturaScripts is open-source enterprise resource planning and accounting software. [CVSS 8.8 HIGH]

CVE-2026-25513 HIGH POC
8.8 Feb 04

Authenticated users can execute arbitrary SQL commands against FacturaScripts REST API endpoints through unsanitized sor

CVE-2026-23997 HIGH POC
8.0 Feb 02

FacturaScripts versions 2025.71 and earlier contain a stored XSS vulnerability in the Observations field that executes a

CVE-2022-2066 MEDIUM POC
6.1 Jun 13

Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.06. Rated medium seve

CVE-2022-1988 MEDIUM POC
6.1 Jun 03

Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09. Rated medium severi

CVE-2022-1682 MEDIUM POC
6.1 May 12

Reflected Xss using url based payload in GitHub repository neorazorx/facturascripts prior to 2022.07. Rated medium sever

CVE-2022-1571 MEDIUM POC
6.1 May 04

Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. Ra

CVE-2026-23476 MEDIUM POC
5.4 Feb 02

Reflected cross-site scripting in FacturaScripts prior to version 2025.8 allows authenticated attackers to inject malici

CVE-2022-2065 MEDIUM POC
5.4 Jun 13

Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06. Rated medium severit

CVE-2022-2016 MEDIUM POC
5.4 Jun 09

Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1. Rated medium sever

CVE-2022-1514 MEDIUM POC
5.4 Apr 28

Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06.

CVE-2022-1457 MEDIUM POC
5.4 Apr 25

Store XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascript

Share

CVE-2022-1715 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy