PT-2025-54222 · Unknown · Facturascripts
Vettrivel007
Published: 2025-12-30 · Updated: 2026-02-23
CVE-2025-69210
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
FacturaScripts versions prior to 2025.7
Description
FacturaScripts is enterprise resource planning (ERP) and accounting software. Versions prior to 2025.7 contain a stored cross-site scripting (XSS) vulnerability in the product file upload functionality. An authenticated user can upload a crafted XML file containing executable JavaScript; the application later serves that file back without sanitizing it or enforcing a safe content type, so the script runs in the browser of whoever opens it. The reason plain XML is a viable carrier is that a browser handed a document with an XML content type renders it as a document and executes any `<script>` element in the XHTML or SVG namespace (event-handler attributes on SVG elements behave the same way). Because uploaded files are visible to administrative users, a low-privileged account can get JavaScript executed in an administrator's session, which is why the vector carries PR:L, UI:R and S:C.
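The following is an added example, not FacturaScripts code and not the upstream 2025.7 fix, showing the two server-side controls that close this bug class: rejecting XML uploads that carry anything a browser could execute, and serving stored uploads as downloads rather than inline. The function names (`reject_xml_upload`, `download_headers`) and the sample uploads are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

XHTML_NS = "http://www.w3.org/1999/xhtml"
SVG_NS = "http://www.w3.org/2000/svg"

# Constructed sample uploads (assumptions for the example, not real files).
BENIGN_XML = b"""<?xml version="1.0"?>
<invoice><number>1</number><total>10.00</total></invoice>"""

# Same document shape with a <script> element in the XHTML namespace.
# A browser that receives this with an XML content type renders it and
# runs the script: that is the stored-XSS condition the advisory describes.
MALICIOUS_XML = b"""<?xml version="1.0"?>
<invoice xmlns:h="http://www.w3.org/1999/xhtml">
  <number>1</number>
  <h:script>alert(document.cookie)</h:script>
</invoice>"""

# SVG variant with no <script> element at all, only an event handler.
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"/>"""


def _split_tag(qname):
    """ElementTree spells namespaced names as '{uri}local'."""
    if qname.startswith("{"):
        uri, local = qname[1:].split("}", 1)
        return uri, local
    return "", qname


def reject_xml_upload(data):
    """Return True if an XML upload must be refused.

    Refuses: script elements in the XHTML/SVG namespaces, on* event-handler
    attributes (conservative: any attribute starting with 'on'), javascript:
    hrefs (including xlink:href), xml-stylesheet processing instructions (an
    XSLT sheet can emit HTML with script), and files that are not well-formed
    XML at all. For untrusted input in production, parse with defusedxml,
    which refuses entity-expansion payloads that ElementTree would expand.
    """
    if b"<?xml-stylesheet" in data:
        return True
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return True
    for el in root.iter():
        uri, local = _split_tag(el.tag)
        if local.lower() == "script" and uri in (XHTML_NS, SVG_NS):
            return True
        for attr, value in el.attrib.items():
            _, aname = _split_tag(attr)
            aname = aname.lower()
            if aname.startswith("on"):
                return True
            if aname == "href" and value.strip().lower().startswith("javascript:"):
                return True
    return False


def download_headers(stored_name):
    """Response headers for serving any stored upload back to a browser.

    A generic content type plus nosniff plus an attachment disposition means
    the browser never renders the file inline, whatever it really contains,
    so even a file that slipped past the upload check cannot execute. The
    filename is sanitised so a stored name cannot inject CR/LF or quotes
    into the header.
    """
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", stored_name)[:100] or "download"
    return {
        "Content-Type": "application/octet-stream",
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "Cache-Control": "private, no-store",
    }


if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_XML), ("xhtml-script", MALICIOUS_XML), ("svg-onload", MALICIOUS_SVG)):
        print(label, "rejected" if reject_xml_upload(blob) else "accepted")
    print(download_headers('inv"oice\r\n.xml'))
```

Note that an unnamespaced `<script>` element inside a custom XML document is not executed by browsers, so the check keys on the namespace rather than on the element name alone; the download headers are the control to rely on, since they neutralize inline rendering regardless of what the upload check missed.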
Recommendations
Update to version 2025.7 or later. Independently of the upgrade, the general mitigation for this bug class is to serve uploaded files as downloads (Content-Disposition: attachment with X-Content-Type-Options: nosniff and a generic content type) rather than rendering them inline; the advisory does not detail the upstream change itself.
Weakness enumeration: XSS (stored cross-site scripting)
Related identifiers: CVE-2025-69210
Affected products: Facturascripts