CVE-2022-1571: 
PHP vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability was discovered in the Create Subaccount feature of GitHub repository neorazorx/facturascripts prior to version 2022.07. The vulnerability was assigned CVE-2022-1571 and was disclosed on May 4, 2022. This security flaw affected the facturascripts application and could allow attackers to execute arbitrary JavaScript code (NVD, CVE).

The vulnerability is a reflected cross-site scripting (XSS) issue that exists in the Create Subaccount functionality. When exploited, it allows attackers to execute arbitrary JavaScript code which could be used to steal user cookies, perform unauthorized HTTP requests, and access content from same-origin pages (NVD).

The successful exploitation of this vulnerability could allow attackers to steal user cookies, perform unauthorized HTTP requests on behalf of the victim, and access content from same-origin pages. This could potentially lead to unauthorized access to user accounts and sensitive information (NVD).

The vulnerability was fixed in facturascripts version 2022.07. The fix involved implementing proper HTML escaping for model fields to improve security. Users are advised to upgrade to version 2022.07 or later to address this vulnerability (GitHub).