EPSS Percentile: 30.0%
facturascripts is vulnerable to cross-site scripting. An attacker can inject malicious code via model fields, which allows stealing a user's cookies, performing HTTP requests, reading the content of same-origin pages, and so on.
github.com/neorazorx/facturascripts/commit/482c5a82b4d79e7a19614f5a67dc24593046cefd
huntr.dev/bounties/4578a690-73e5-4313-840c-ee15e5329741