VulnerableCode Package Details - pkg:composer/facturascripts/facturascripts@2022.6.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-adxt-zxmy-6kg7 Aliases: CVE-2022-1571 GHSA-m8gv-gvhf-7rhp	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be arbitrarily executed javascript code to steal user'cookie, perform HTTP request, get content of `same origin` page, etc ...	2022.7.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-adxt-zxmy-6kg7
Aliases:
CVE-2022-1571
GHSA-m8gv-gvhf-7rhp

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be arbitrarily executed javascript code to steal user'cookie, perform HTTP request, get content of `same origin` page, etc ...

2022.7.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-th7u-38d2-93h6	Cross site scripting in FacturaScripts Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account.	CVE-2022-1514 GHSA-p3w3-4ppm-c3f6
VCID-vgj5-cwfq-pyb7		CVE-2022-2065 GHSA-fp76-f299-v3hj
VCID-wb34-u2aw-17bb		CVE-2022-2066 GHSA-h6wm-mr85-4h9g

Vulnerability

Summary

Aliases

VCID-th7u-38d2-93h6

Cross site scripting in FacturaScripts Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account.

CVE-2022-1514
GHSA-p3w3-4ppm-c3f6

VCID-vgj5-cwfq-pyb7

CVE-2022-2065
GHSA-fp76-f299-v3hj

VCID-wb34-u2aw-17bb

CVE-2022-2066
GHSA-h6wm-mr85-4h9g

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T00:59:11.427659+00:00	GHSA Importer	Fixing	VCID-vgj5-cwfq-pyb7	https://github.com/advisories/GHSA-fp76-f299-v3hj	38.6.0
2026-05-31T00:59:11.390984+00:00	GHSA Importer	Fixing	VCID-wb34-u2aw-17bb	https://github.com/advisories/GHSA-h6wm-mr85-4h9g	38.6.0
2026-05-31T00:56:26.706675+00:00	GHSA Importer	Affected by	VCID-adxt-zxmy-6kg7	https://github.com/advisories/GHSA-m8gv-gvhf-7rhp	38.6.0
2026-05-31T00:56:00.313203+00:00	GHSA Importer	Fixing	VCID-th7u-38d2-93h6	https://github.com/advisories/GHSA-p3w3-4ppm-c3f6	38.6.0
2026-05-30T20:58:03.675088+00:00	GitLab Importer	Affected by	VCID-adxt-zxmy-6kg7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/facturascripts/facturascripts/CVE-2022-1571.yml	38.6.0
2026-05-30T20:57:47.179873+00:00	GitLab Importer	Fixing	VCID-th7u-38d2-93h6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/facturascripts/facturascripts/CVE-2022-1514.yml	38.6.0