Moderate severityNVD Advisory· Published May 4, 2022· Updated Aug 3, 2024

Cross-site scripting - Reflected in Create Subaccount in neorazorx/facturascripts

CVE-2022-1571

Description

Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be arbitrarily executed javascript code to steal user'cookie, perform HTTP request, get content of same origin page, etc ...

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
facturascripts/facturascriptsPackagist	< 2022.07	2022.07

Affected products

ghsa-coords
pkg:composer/facturascripts/facturascripts
Range: < 2022.07
Neorazorx/Facturascriptscpe-rescue
Range: unspecified

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-m8gv-gvhf-7rhpghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2022-1571ghsaADVISORY
github.com/neorazorx/facturascripts/commit/482c5a82b4d79e7a19614f5a67dc24593046cefdghsax_refsource_MISCWEB
huntr.dev/bounties/4578a690-73e5-4313-840c-ee15e5329741ghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000