Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Store XSS in title parameter executing at EditUser Page & EditProducto page in neorazorx/facturascripts
Vulnerability Description
Store XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
FacturaScripts 跨站脚本漏洞
Vulnerability Description
FacturaScripts是西班牙Carlos Garcia个人开发者的一个开源 ERP 软件。 NeoRazorX FacturaScripts 2022.04之前版本存在跨站脚本漏洞,该漏洞源于EditUser Page 和 EditProducto 页面执行的 title 参数缺少过滤和转义。攻击者利用该漏洞可以通过会话 cookie 伪装成授权用户,执行用户账户允许的任何操作。
CVSS Information
N/A
Vulnerability Type
N/A