
Neorazorx

#28386 of 53,622
9 Total CVSS
Vulnerabilities · 1
PT-2022-13901
9
2022-04-25
Unknown · Facturascripts · CVE-2022-1457
**Name of the Vulnerable Software and Affected Versions**

facturascripts versions prior to 2022.04

**Description**

The issue is a stored XSS in the `title` parameter, which executes on the EditUser page and the EditProducto page. This can lead to cross-site scripting attacks, potentially resulting in devastating consequences, including data exfiltration or malware installation on the user's machine. Attackers may also masquerade as authorized users via session cookies, allowing them to perform actions permitted by the user account.

**Recommendations**

For versions prior to 2022.04, update to a version released after 2022.04 to resolve the issue. As a temporary workaround, consider restricting access to the EditUser page and the EditProducto page to minimize the risk of exploitation. Avoid using the `title` parameter in these pages until the issue is resolved.