PT-2022-13970 · Unknown · Facturascripts

Published: 2022-05-04 · Updated: 2022-05-11 · CVE-2022-1571

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions

FacturaScripts versions prior to 2022.07

Description

This issue allows reflected cross-site scripting (XSS), enabling the execution of arbitrary JavaScript code in the victim's browser. This can lead to the theft of users' cookies, the performance of HTTP requests on the user's behalf, and the retrieval of content from pages with the same origin.

Recommendations

For versions prior to 2022.07, update to version 2022.07 or later, which includes the fix for this issue (tracked in the GitHub repository neorazorx/facturascripts). As a temporary workaround until the update is applied, consider restricting access to the Create Subaccount feature.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2022-1571
GHSA-M8GV-GVHF-7RHP

Affected Products

Facturascripts