PT-2025-54222 · Unknown · Facturascripts

Vettrivel007 · Published 2025-12-30 · Updated 2026-02-23 · CVE-2025-69210

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: FacturaScripts versions prior to 2025.7

Description: FacturaScripts is enterprise resource planning and accounting software. A stored cross-site scripting (XSS) issue exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. The application renders these files without proper sanitization or content-type enforcement, enabling arbitrary JavaScript execution when the file is accessed. Because uploaded files are visible to administrative users, this can lead to malicious JavaScript execution in an administrator's browser session. The vulnerable functionality involves uploading files and accessing them later.

Recommendations: Update to version 2025.7 or later.
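The description names two missing controls: uploaded files are rendered by the browser in the application's origin, and their content type is not enforced. The following is an added Python example, not FacturaScripts code (the project itself is PHP; the HTTP headers shown apply from any server). It contrasts the weak pattern of echoing the upload's declared type with a hardened handler that serves non-image uploads as opaque downloads, and it adds a pre-storage check that rejects XML carrying content a browser could execute. The function names, the `INLINE_SAFE` table and the sample documents are all constructed for this example.

```python
import io
import re
import xml.etree.ElementTree as ET

# Constructed sample uploads (not taken from the advisory or the project).
BENIGN_XML = b'<?xml version="1.0"?><invoice><total>12.50</total></invoice>'
SUSPECT_XML = (b'<?xml version="1.0"?><doc xmlns:h="http://www.w3.org/1999/xhtml">'
               b'<h:script>1</h:script></doc>')
STYLESHEET_XML = (b'<?xml version="1.0"?>\n'
                  b'<?xml-stylesheet type="text/xsl" href="x.xsl"?>\n<doc/>')

# Only these extensions are ever rendered inline; XML, SVG, HTML and everything
# else unknown are forced to download so the browser never interprets them as
# a document in the application's origin.  (Hypothetical safelist.)
INLINE_SAFE = {"png": "image/png", "jpg": "image/jpeg",
               "jpeg": "image/jpeg", "gif": "image/gif"}


def _safe_filename(name):
    """Strip directories and keep a conservative character set so the name
    cannot inject quotes or CR/LF into the Content-Disposition header."""
    base = name.rsplit("/", 1)[-1].rsplit("\\", 1)[-1]
    return re.sub(r"[^A-Za-z0-9._-]", "_", base) or "download"


def weak_headers(filename, declared_type):
    """Weak pattern: trust the type the uploader declared and let the browser
    render the file inline.  An XML upload served as text/xml is rendered."""
    return {"Content-Type": declared_type}


def hardened_headers(filename):
    """Hardened pattern: fixed type by extension, nosniff, no active content,
    and attachment disposition for anything that is not a safelisted image."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    safe_name = _safe_filename(filename)
    headers = {
        "X-Content-Type-Options": "nosniff",       # no MIME sniffing into HTML
        "Content-Security-Policy": "default-src 'none'; sandbox",
        "Cache-Control": "private, no-store",
    }
    if ext in INLINE_SAFE:
        headers["Content-Type"] = INLINE_SAFE[ext]
        headers["Content-Disposition"] = 'inline; filename="%s"' % safe_name
    else:
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = 'attachment; filename="%s"' % safe_name
    return headers


def xml_has_active_content(data):
    """Return True when an XML upload carries something a browser could execute
    if it were ever rendered: an xml-stylesheet processing instruction, a
    script element in any namespace, on* event-handler attributes, or a
    javascript: href.  Unparseable input is reported as unsafe too, so the
    caller rejects it rather than storing it.  The on* rule is deliberately
    conservative and will also reject harmless names such as "onhand".
    Note: for untrusted XML in production use defusedxml, since the stdlib
    parser does not limit entity expansion."""
    if re.search(rb"<\?\s*xml-stylesheet\b", data, re.IGNORECASE):
        return True
    try:
        for _event, node in ET.iterparse(io.BytesIO(data), events=("start",)):
            local = node.tag.rsplit("}", 1)[-1].lower()
            if local == "script":
                return True
            for attr, value in node.attrib.items():
                attr_local = attr.rsplit("}", 1)[-1].lower()
                if attr_local.startswith("on"):
                    return True
                if attr_local == "href" and value.strip().lower().startswith("javascript:"):
                    return True
    except ET.ParseError:
        return True
    return False


if __name__ == "__main__":
    for name, blob in (("invoice.xml", BENIGN_XML), ("evil.xml", SUSPECT_XML),
                       ("styled.xml", STYLESHEET_XML)):
        verdict = "reject" if xml_has_active_content(blob) else "accept"
        print(name, verdict, hardened_headers(name)["Content-Disposition"])
```

The two checks are complementary: the header policy protects every file already stored, including ones that slipped past earlier validation, while the content check keeps obviously active XML out of storage in the first place.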

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

CVE-2025-69210
GHSA-2267-XQCF-GW2M

Affected Products

Facturascripts