{"id":"CVE-2022-48324","details":"Multiple Cross-Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary script code in a victim's browser. Affects the following parameters: (1) pesquisa, (2) data, (3) data2, (4) nome, (5) descricao, (6) idDocumentos, (7) id in file application/controllers/Arquivos.php; (8) senha, (9) nomeCliente, (10) contato, (11) documento, (12) telefone, (13) celular, (14) email, (15) rua, (16) numero, (17) complemento, (18) bairro, (19) cidade, (20) estado, (21) cep, (22) idClientes, (23) id in file application/controllers/Clientes.php; (24) id, (25) tipo, (26) forma_pagamento, (27) gateway_de_pagamento, (28) excluir_id, (29) confirma_id, (30) cancela_id in file application/controllers/Cobrancas.php; (31) vencimento_de, (32) vencimento_ate, (33) cliente, (34) tipo, (35) status, (36) valor_desconto, (37) desconto, (38) periodo, (39) per_page, (40) urlAtual, (41) vencimento, (42) recebimento, (43) valor, (44) recebido, (45) formaPgto, (46) desconto_parc, (47) entrada, (48) qtdparcelas_parc, (49) valor_parc, (50) dia_pgto, (51) dia_base_pgto, (52) comissao, (53) descricao_parc, (54) cliente_parc, (55) observacoes_parc, (56) formaPgto_parc, (57) tipo_parc, (58) pagamento, (59) pago, (60) valor_desconto_editar, (61) descricao, (62) fornecedor, (63) observacoes, (64) id in file application/controllers/Financeiro.php; (65) refGarantia, (66) textoGarantia, (67) idGarantias in file application/controllers/Garantias.php; (68) email, (69) senha in file application/controllers/Login.php.","modified":"2026-04-10T04:53:04.383487Z","published":"2023-02-16T21:15:14.023Z","references":[{"type":"REPORT","url":"https://github.com/RamonSilva20/mapos/issues/2010"},{"type":"FIX","url":"https://github.com/RamonSilva20/mapos/pull/2015#pullrequestreview-1271395780"},{"type":"EVIDENCE","url":"https://gist.github.com/enferas/7c7f0a3c6cb30939d9039043c0b86ea8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ramonsilva20/mapos","events":[{"introduced":"0"},{"last_affected":"efb2b5fa0a05e94229e0c2fb426a292d4bfe4749"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.39.0"}]}}],"versions":["v2.6.4","v3.1.11","v3.1.5","v3.10.0","v4","v4.1.0","v4.1.1","v4.1.2","v4.10.0","v4.11.0","v4.11.1","v4.11.2","v4.12.0","v4.13.1","v4.13.2","v4.14.0","v4.14.1","v4.15.0","v4.15.1","v4.16.0","v4.17.0","v4.17.1","v4.18.0","v4.19.0","v4.2.0","v4.2.1","v4.2.2","v4.20.0","v4.20.1","v4.20.2","v4.21.0","v4.22.0","v4.23.0","v4.24.0","v4.25.0","v4.25.1","v4.26.0","v4.26.2","v4.27.0","v4.28.0","v4.29.0","v4.3","v4.30.0","v4.30.1","v4.30.2","v4.30.3","v4.31.0","v4.31.1","v4.32.0","v4.32.1","v4.33.0","v4.33.1","v4.34.0","v4.35.0","v4.35.1","v4.36.1","v4.36.2","v4.37.0","v4.38.0","v4.39.0","v4.4.0","v4.4.1","v4.5.0","v4.5.1","v4.5.2","v4.5.3","v4.5.4","v4.6.0","v4.6.1","v4.6.2","v4.7.0","v4.7.1","v4.7.4","v4.7.5","v4.8.0","v4.8.1","v4.8.2","v4.8.3","v4.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48324.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}