cbcvebase.

Neorazorx Facturascripts vulnerabilities

9 known vulnerabilities affecting neorazorx/neorazorx_facturascripts.

Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM8

Vulnerabilities

Page 1 of 1
CVE-2022-1715P3CRITICALCVSS 9.8≥ unspecified, < 2022.072022-05-13
CVE-2022-1715 [CRITICAL] CWE-1125 CVE-2022-1715: Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07. Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07.
nvd
CVE-2022-1682P4MEDIUMCVSS 6.1≥ unspecified, < 2022.072022-05-12
CVE-2022-1682 [MEDIUM] CWE-79 CVE-2022-1682: Reflected Xss using url based payload in GitHub repository neorazorx/facturascripts prior to 2022.07 Reflected Xss using url based payload in GitHub repository neorazorx/facturascripts prior to 2022.07. Xss can use to steal user's cookies which lead to Account takeover or do any malicious activity in victim's browser
nvd
CVE-2022-1514P4MEDIUMCVSS 5.4≥ unspecified, < 2022.062022-04-28
CVE-2022-1514 [MEDIUM] CWE-79 CVE-2022-1514: Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascrip Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine. Attackers can masquerade as authorized users via session cookie
nvd
CVE-2022-2066P4MEDIUMCVSS 6.1≥ unspecified, < 2022.062022-06-13
CVE-2022-2066 [MEDIUM] CWE-79 CVE-2022-2066: Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.0 Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.06.
nvd
CVE-2022-1571P4MEDIUMCVSS 6.1≥ unspecified, < 2022.072022-05-04
CVE-2022-1571 [MEDIUM] CWE-79 CVE-2022-1571: Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be arbitrarily executed javascript code to steal user'cookie, perform HTTP request, get content of `same origin` page, etc ...
nvd
CVE-2022-1988P4MEDIUMCVSS 6.1≥ unspecified, < 2022.092022-06-03
CVE-2022-1988 [MEDIUM] CWE-79 CVE-2022-1988: Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09. Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09.
nvd
CVE-2022-1457P4MEDIUMCVSS 5.4≥ unspecified, < 2022.042022-04-25
CVE-2022-1457 [MEDIUM] CWE-79 CVE-2022-1457: Store XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neo Store XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine. Attackers can masquerade as authorized users
nvd
CVE-2022-2065P4MEDIUMCVSS 5.4≥ unspecified, < 2022.062022-06-13
CVE-2022-2065 [MEDIUM] CWE-79 CVE-2022-2065: Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06.
nvd
CVE-2022-2016P4MEDIUMCVSS 5.4≥ unspecified, < 2022.12022-06-09
CVE-2022-2016 [MEDIUM] CWE-79 CVE-2022-2016: Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1 Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1.
nvd
Neorazorx Facturascripts vulnerabilities | cvebase