4 matches found

ATTACKERKB
added 2026/05/27 6:29 p.m., 7 views

CVE-2026-42879

FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...

CVSS: 6.3 | AI score: 5.8 | EPSS: 0.00046
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2025/12/30 7:23 p.m., 8 views

CVE-2025-69210

FacturaScripts is affected by CVE-2025-69210: a stored XSS via the product file upload feature exists in versions prior to 2025.7. Authenticated users can upload crafted XML files containing executable JavaScript; these files are rendered without sufficient sanitization or content-type enforcemen...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00019
Exploits: 2 | References: 3 | Affected Software: 1
Github Security Blog
added 2022/04/29 12:0 a.m., 17 views

Cross site scripting in FacturaScripts

FacturaScripts prior to version 2022.06 is vulnerable to stored cross-site scripting via upload plugin functionality in zip format...

CVSS: 9 | AI score: 2.9 | EPSS: 0.00395
Exploits: 1 | References: 4 | Affected Software: 1
Huntr
added 2022/04/28 9:10 a.m., 13 views

Improper Access Control (IDOR)

Description: Improper Access Control IDOR could leak admin information. Proof of Concept: 1. Log in as admin, edit a role to give permission to show a user's information - save 2. Log in as a user with that role - go to url http://my.facturascripts.site/EditUser?code=admin&action=export&option=PDF - Can se...

Exploits: 0