Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stored XSS via upload plugin functionality in zip format in neorazorx/facturascripts
Vulnerability Description
Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
FacturaScripts 跨站脚本漏洞
Vulnerability Description
FacturaScripts是西班牙Carlos Garcia个人开发者的一个开源 ERP 软件。 FacturaScripts存在安全漏洞,该漏洞源于通过上传插件功能以 zip 格式将 XSS 存储在 GitHub 存储库 neorazorx/facturascripts 中。攻击者可以通过会话 cookie 伪装成授权用户,允许他们执行用户帐户允许的任何操作。
CVSS Information
N/A
Vulnerability Type
N/A