CVE-2022-1514: Cross site scripting in FacturaScripts

April 29, 2022

Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account.

References

github.com/advisories/GHSA-p3w3-4ppm-c3f6
github.com/neorazorx/facturascripts/commit/aa9f28cb86467468f43486b77ddef7ff4d3c687e
huntr.dev/bounties/4ae2a917-843a-4ae4-8197-8425a596761c
nvd.nist.gov/vuln/detail/CVE-2022-1514

Detect and mitigate CVE-2022-1514 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →