CVE-2022-2016: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

June 10, 2022

neorazorx/facturascripts suffers from a reflected Cross-site Scripting (XSS). This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device.

References

github.com/advisories/GHSA-j8c7-3jpq-8985
github.com/neorazorx/facturascripts/commit/7b4ddb9269a230e2dd07c6a8d3211c9a88f4f09f
huntr.dev/bounties/5fa17e9b-c767-46b4-af64-aafb8c2aa521
nvd.nist.gov/vuln/detail/CVE-2022-2016

Detect and mitigate CVE-2022-2016 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →