CVE-2022-1514

Name of the Vulnerable Software and Affected Versions FacturaScripts versions prior to 2022.06

Description The issue allows for stored cross-site scripting attacks via upload plugin functionality in zip format. This can have severe consequences, including the exfiltration of data or the installation of malware on the user's machine. Attackers can also masquerade as authorized users by accessing session cookies, enabling them to perform any action allowed by the user account.

Recommendations For versions prior to 2022.06, update to version 2022.06 or later to resolve the issue. As a temporary workaround, consider restricting access to the upload plugin functionality in zip format to minimize the risk of exploitation. Avoid using the vulnerable upload functionality until the issue is resolved.