CVE-2026-23997
CVE-2026-23997 : FacturaScripts has a Stored Cross-Site Scripting (XSS) in the Observations field via the History view. In affected versions (2025.71 and earlier), data rendered in History is not HTML-encoded, allowing an attacker with note-editing permissions to inject JavaScript that executes i...
GHSA-G6W2-Q45F-XRP4 FacturaScripts is Vulnerable to Reflected XSS
Reflected XSS via SQL Error Messages. Summary: A reflected XSS bug has been found in FacturaScripts. The problem is in how error messages get displayed - it's using Twig's | raw filter which skips HTML escaping. When a database error is triggered like passing a string where an integer is expected,...
FacturaScripts is Vulnerable to Reflected XSS
Reflected XSS via SQL Error Messages. Summary: A reflected XSS bug has been found in FacturaScripts. The problem is in how error messages get displayed - it's using Twig's | raw filter which skips HTML escaping. When a database error is triggered like passing a string where an integer is expected,...
PT-2026-5714
Name of the Vulnerable Software and Affected Versions: FacturaScripts versions 2025.71 and earlier. Description: FacturaScripts software contains a Stored Cross-Site Scripting (XSS) flaw within the Observations field in the History view. The application fails to properly encode HTML entities when...
FacturaScripts Cross-Site Scripting Vulnerability
FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to 2025.8 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of raw filters during error message display, which allowed for skipping...
PT-2026-5712
Name of the Vulnerable Software and Affected Versions: FacturaScripts versions prior to 2025.8. Description: FacturaScripts is susceptible to a reflected cross-site scripting (XSS) issue stemming from improper handling of error messages. The application utilizes Twig's | raw filter, which bypasses HTM...
FacturaScripts Cross-Site Scripting Vulnerability
FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to 2025.71 contained a cross-site scripting vulnerability. This vulnerability occurred due to improper HTML entity encoding during the rendering of historical data in th...
EUVD-2025-205844
FacturaScripts is Vulnerable to Stored Cross-Site Scripting (XSS) via XML File Upload...
GHSA-2267-XQCF-GW2M FacturaScripts is Vulnerable to Stored Cross-Site Scripting (XSS) via XML File Upload
A stored cross-site scripting (XSS) vulnerability exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. These files are later rendered by the application without sufficient sanitization or content-type enforcement, allowi...
FacturaScripts is Vulnerable to Stored Cross-Site Scripting (XSS) via XML File Upload
A stored cross-site scripting (XSS) vulnerability exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. These files are later rendered by the application without sufficient sanitization or content-type enforcement, allowi...
CVE-2025-69210
FacturaScripts is affected by CVE-2025-69210: a stored XSS via the product file upload feature exists in versions prior to 2025.7. Authenticated users can upload crafted XML files containing executable JavaScript; these files are rendered without sufficient sanitization or content-type enforcemen...
CVE-2025-69210 FacturaScripts vulnerable to Stored Cross-Site Scripting (XSS) via XML File Upload
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.7, a stored cross-site scripting (XSS) vulnerability exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. These...
FacturaScripts Cross-Site Scripting Vulnerability
FacturaScripts is an open-source ERP software from Carlos Garcia, an individual developer in Spain. A cross-site scripting vulnerability exists in FacturaScripts versions prior to 2025.7. It stems from insufficient sanitization and content-type enforcement in the product file upload feature, and could lead t...
PT-2025-54222
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.7, a stored cross-site scripting (XSS) vulnerability exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. These...
EUVD-2022-6064
Malicious code in bioql PyPI...
EUVD-2022-6039
Malicious code in bioql PyPI...
EUVD-2022-6144
Malicious code in bioql PyPI...
EUVD-2022-2709
Malicious code in bioql PyPI...