MEDIUM🇬🇧 English

CVE-2026-23476

CVSS 5.4v3.1pub. 2026-02-02upd. 2026-02-23

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to 2025.8, there a reflected XSS bug in FacturaScripts. The problem is in how error messages get displayed. Twig's | raw filter is used, which skips HTML escaping. When triggering a database error (like passing a string where an integer is expected), the error message includes the input and gets rendered without sanitization. This vulnerability is fixed in 2025.8.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
  • Facturascripts

    APP
    Facturascripts
    < 2025.8
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2022-1715CRITICAL9.8ten sam produkt

Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07.

CVE-2026-25514HIGH8.7ten sam produkt

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, ...

CVE-2026-25513HIGH8.3ten sam produkt

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, ...

CVE-2026-23997HIGH8.0ten sam produkt

FacturaScripts is open-source enterprise resource planning and accounting software. In 2025.71 and earlier, a ...

CVE-2022-2065MEDIUM5.4ten sam produkt

Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06.