CVE-2022-1682
Published 2022-05-12
Priority P4 · 25 · medium · 6.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.71% (48.8th percentile)
Reflected XSS using a URL-based payload in GitHub repository neorazorx/facturascripts prior to 2022.07. The XSS can be used to steal a user's cookies, which can lead to account takeover or any other malicious activity in the victim's browser.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| facturascripts | facturascripts | < 2022.07 | 2022.07 |
| facturascripts | facturascripts | >= 0 < 2022.08 | 2022.08 |
| neorazorx | neorazorx_facturascripts | >= unspecified < 2022.07 | 2022.07 |
CVSS provenance
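| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 9.4 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_redhat | | 5.5 | MEDIUM | |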
GHSA
Cross-site Scripting in facturascripts
ghsa·2022-05-13
CVE-2022-1682 [MEDIUM] CWE-79 Cross-site Scripting in facturascripts
Reflected cross-site scripting using a URL-based payload in GitHub repository neorazorx/facturascripts prior to 2022.08. This can lead to theft of a user's cookies, which in turn could lead to account takeover or other malicious activity in a victim's browser.
OSV
Cross-site Scripting in facturascripts
osv·2022-05-13
CVE-2022-1682 [MEDIUM] Cross-site Scripting in facturascripts
Reflected cross-site scripting using a URL-based payload in GitHub repository neorazorx/facturascripts prior to 2022.08. This can lead to theft of a user's cookies, which in turn could lead to account takeover or other malicious activity in a victim's browser.
Red Hat
kernel: gpiolib: fix memory leak in gpiochip_setup_dev()
vendor_redhat·2024-10-21·CVSS 5.5
CVE-2022-48975 [MEDIUM] CWE-401 kernel: gpiolib: fix memory leak in gpiochip_setup_dev()
In the Linux kernel, the following vulnerability has been resolved:
gpiolib: fix memory leak in gpiochip_setup_dev()
Here is a backtrace report about memory leak detected in
gpiochip_setup_dev():
unreferenced object 0xffff88810b406400 (size 512):
comm "python3", pid 1682, jiffies 4295346908 (age 24.090s)
backtrace:
kmalloc_trace
device_add device_private_init at drivers/base/core.c:3361
(inlined by) device_add at drivers/base/core.c:3411
cdev_device_add
gpiolib_cdev_register
gpiochip_setup_dev
gpiochip_add_data_with_key
gcdev_register() & gcdev_unregister() would call device_add() &
device_del() (no matter CONFIG_GPIO_CDEV is enabled or not) to
register/unregister device.
However, if device_add() succeeds, some resource (like
struct
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/neorazorx/facturascripts/commit/8e31d8434014a6d1e8791a489d84268fd74b0c9a
https://huntr.dev/bounties/e962d191-93e2-405e-a6af-b4a4e4d02527
Published: 2022-05-12