FacturaScripts versions 2022.06 and prior are vulnerable to reflected cross-site scripting attacks. This vulnerability can use arbitrarily executed javascript code to steal users' cookies, perform HTTP request, get content of same origin
page, etc. A fix is available on the master
branch of the GitHub repository and anticipated to be part of version 2022.07.
{ "nvd_published_at": "2022-05-04T11:15:00Z", "github_reviewed_at": "2022-05-24T19:12:18Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-79" ] }