10 matches found
EUVD-2026-22282
FacturaScripts has Stored Cross-Site Scripting (XSS) in "Observations" field via History View...
CVE-2026-23997
FacturaScripts is open-source enterprise resource planning and accounting software. In 2025.71 and earlier, a Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Observations field. The flaw occurs in the History view, where historical data is rendered without proper HTML entity...
CVE-2026-23997 FacturaScripts has a Stored Cross-Site Scripting (XSS) in "Observations" field via History View
FacturaScripts is open-source enterprise resource planning and accounting software. In 2025.71 and earlier, a Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Observations field. The flaw occurs in the History view, where historical data is rendered without proper HTML entity...
CVE-2026-23997 FacturaScripts has a Stored Cross-Site Scripting (XSS) in "Observations" field via History View
FacturaScripts is open-source enterprise resource planning and accounting software. In 2025.71 and earlier, a Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Observations field. The flaw occurs in the History view, where historical data is rendered without proper HTML entity...
CVE-2026-23997
FacturaScripts is open-source enterprise resource planning and accounting software. In 2025.71 and earlier, a Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Observations field. The flaw occurs in the History view, where historical data is rendered without proper HTML entity...
CVE-2026-23997
CVE-2026-23997 is a Stored XSS in FacturaScripts’ Observations field rendered in the History view. The root cause is improper HTML entity encoding when displaying historical data, allowing an attacker to execute arbitrary JavaScript in an admin’s browser. Public docs (GitHub/GHSA advisories, Red ...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Observations field in the History view. An attacker can execute arbitrary JavaScript code in the context of an administrator's browser session by injecting malicious scripts into the Observations field,...
GHSA-4V7V-7V7R-3R5H FacturaScripts has Stored Cross-Site Scripting (XSS) in "Observations" field via History View
Summary: A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Observations field. The flaw occurs in the History view, where historical data is rendered without proper HTML entity encoding. This allows an attacker to execute arbitrary JavaScript in the browser of viewing the histo...
FacturaScripts has Stored Cross-Site Scripting (XSS) in "Observations" field via History View
Summary: A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Observations field. The flaw occurs in the History view, where historical data is rendered without proper HTML entity encoding. This allows an attacker to execute arbitrary JavaScript in the browser of viewing the histo...
PT-2026-5714
Name of the Vulnerable Software and Affected Versions: FacturaScripts versions 2025.71 and earlier. Description: FacturaScripts software contains a Stored Cross-Site Scripting (XSS) flaw within the Observations field in the History view. The application fails to properly encode HTML entities when...