Critical severityNVD Advisory· Published Apr 28, 2022· Updated Aug 3, 2024

Stored XSS via upload plugin functionality in zip format in neorazorx/facturascripts

CVE-2022-1514

Description

Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
facturascripts/facturascriptsPackagist	< 2022.06	2022.06

Affected products

ghsa-coords
pkg:composer/facturascripts/facturascripts
Range: < 2022.06
Neorazorx/Facturascriptscpe-rescue
Range: unspecified

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-p3w3-4ppm-c3f6ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2022-1514ghsaADVISORY
github.com/neorazorx/facturascripts/commit/aa9f28cb86467468f43486b77ddef7ff4d3c687eghsax_refsource_MISCWEB
huntr.dev/bounties/4ae2a917-843a-4ae4-8197-8425a596761cghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000