Moderate severity · NVD Advisory · Published Aug 17, 2022 · Updated Aug 3, 2024
Cross-site Scripting (XSS) - Stored in notrinos/notrinoserp
CVE-2022-2871
Description
Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| notrinos/notrinos-erp (Packagist) | <= 0.7 | — |
Affected products
- Range: unspecified
Patches
- 0362778f4f67: Prevent cross-site scripting(XSS) vulnerabilities.
2 files changed · +4 −4
libraries/select.js+3 −2 modified@@ -15,9 +15,10 @@ var loadSelect2 = { if((e.hasAttribute('multiple') === false) && $(e).hasClass('nosearch') === false) { $(e).select2({ dropdownAutoWidth : true, - // break a select option item into multi lines templateResult: function(item) { - var selectionText = item.text.split('\n'); + // replace(/</g, '<') : prevent the code in the option’s value from being executed by the browser. + // split('\n') : break a select option item into multi lines + var selectionText = item.text.replace(/</g, '<').split('\n'); var returnString = $('<span></span>'); $.each(selectionText, function(index, value){ line = value === undefined ? '' : value;
SECURITY.md+1 −2 modified@@ -2,8 +2,7 @@ ## Reporting a Vulnerability -Please share privately the details of your security vulnerability by email to: -[Contact Info](support@notrinos.com) +Please share privately the details of your security vulnerability by email to: support@notrinos.com Or open an issue at [our forum](https://forums.notrinos.com/t/bugs-problems) Make sure to include as much information as possible, with the detailed steps to reproduce the problem,
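Review bot: In the `templateResult` callback of libraries/select.js, the added `item.text.replace(/</g, '<')` handles only the `<` character, and as the line is rendered here the replacement string is the same character as the match, so the call would leave the text unchanged; the replacement has to be the entity `&lt;`. Escaping one character is also fragile, since `&` and quote characters still pass through. If the lines are later inserted as HTML (that part is not visible in this hunk), set each line on its element with jQuery's `.text()` instead, or route the string through one helper that escapes `&`, `<`, `>`, `"` and `'`. Separately, the context line `line = value === undefined ? '' : value;` assigns to an undeclared `line`, which creates an implicit global; declare it with `var`.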
References
- github.com/advisories/GHSA-hrx5-cv4v-4c44 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-2871 (ghsa, ADVISORY)
- github.com/notrinos/notrinoserp/commit/0362778f4f678156c22a009094225823df8a4760 (ghsa, x_refsource_MISC, WEB)
- huntr.dev/bounties/61126c07-22ac-4961-a198-1aa33060b373 (ghsa, x_refsource_CONFIRM, WEB)