CVE-2022-1988
published 2022-06-03CVE-2022-1988: Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09.
PriorityP424medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.73%
49.6th percentile
Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| facturascripts | facturascripts | < 2022.09 | 2022.09 |
| facturascripts | facturascripts | 0 – 2022.08 | — |
| neorazorx | neorazorx_facturascripts | >= unspecified < 2022.09 | 2022.09 |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Cross-site Scripting in FacturaScripts
osv·2022-06-04
CVE-2022-1988 [MEDIUM] Cross-site Scripting in FacturaScripts
Cross-site Scripting in FacturaScripts
FacturaScripts 2022.08 and prior is vulnerable to cross-site scripting. A patch is available on the `master` branch of the repository and anticipated to be part of version 2022.09.
GHSA
Cross-site Scripting in FacturaScripts
ghsa·2022-06-04
CVE-2022-1988 [MEDIUM] CWE-79 Cross-site Scripting in FacturaScripts
Cross-site Scripting in FacturaScripts
FacturaScripts 2022.08 and prior is vulnerable to cross-site scripting. A patch is available on the `master` branch of the repository and anticipated to be part of version 2022.09.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2021-47076 kernel: RDMA/rxe: Return CQE error if invalid lkey was supplied
bugzilla·2024-03-03·CVSS 5.5
CVE-2021-47076 [MEDIUM] CVE-2021-47076 kernel: RDMA/rxe: Return CQE error if invalid lkey was supplied
CVE-2021-47076 kernel: RDMA/rxe: Return CQE error if invalid lkey was supplied
In the Linux kernel, the following vulnerability has been resolved:
RDMA/rxe: Return CQE error if invalid lkey was supplied
The Linux kernel CVE team has assigned CVE-2021-47076 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024030142-CVE-2021-47076-a6b6@gregkh/T/#u
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2267526]
---
This was fixed for Fedora with the 5.12.7 stable kernel updates.
---
This issue was fixed in RHEL 8.6.0: https://access.redhat.com/errata/RHSA-2022:1988
and RHEL 9.0.0: https://access.redhat.com/errata/RHBA-2022:3893
---
The result of automatic check (that is developed by Alexander Larkin) for this CVE-2021-47076
Bugzilla
CVE-2023-0459 kernel: Copy_from_user on 64-bit versions may leak kernel information
bugzilla·2023-06-21·CVSS 5.5
CVE-2023-0459 [MEDIUM] CVE-2023-0459 kernel: Copy_from_user on 64-bit versions may leak kernel information
CVE-2023-0459 kernel: Copy_from_user on 64-bit versions may leak kernel information
Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user().
This would allow an attacker to leak information.
Refer:
https://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c
Discussion:
This issue was fixed upstream in kernel version 5.7-rc1. The kernel packages as shipped in Red Hat Enterprise Linux 8 were previously updated to a version that contains the fix via the following errata:
kernel in Red Hat Enterprise Linux 8
https://access.redhat.com/errata/RHSA-2022:1988
kernel-rt in Red Hat Enterprise Linux 8
https://access.redhat.com/errata/RH
https://github.com/neorazorx/facturascripts/commit/93fc65ced3847a8e0837561e9fdfa0dbace2cfcbhttps://huntr.dev/bounties/7882a35a-b27e-4d7e-9fcc-e9e009d0b01chttps://github.com/neorazorx/facturascripts/commit/93fc65ced3847a8e0837561e9fdfa0dbace2cfcbhttps://huntr.dev/bounties/7882a35a-b27e-4d7e-9fcc-e9e009d0b01c
2022-06-03
Published