CNNVD-202512-5076 Information
CNNVD ID
CNNVD-202512-5076
Related CVE
- CNNVD Published: 2025-12-30
Description (Chinese)
FacturaScripts是西班牙Carlos Garcia个人开发者的一个开源 ERP 软件。 FacturaScripts 2025.7之前版本存在跨站脚本漏洞,该漏洞源于产品文件上传功能清理和内容类型强制不足,可能导致存储型跨站脚本攻击。
Description (English)
FacturaScripts is an open source ERP software for the Spanish personal developer Carlos Garcia. The pre-FacturaScripts 2025.7 version had a cross-site script loophole, which stemmed from the lack of functionality for uploading the product file and the lack of mandatory content type, which could lead to storage-type cross-site script attacks.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
个人开发者
Published
2025-12-30
Last Modified
2026-02-24
References
https://facturascripts.com/publicaciones/ya-disponible-facturascripts-2025-7 https://github.com/NeoRazorX/facturascripts/releases/tag/v2025.7 https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-2267-xqcf-gw2m
Patch
https://github.com/NeoRazorX/facturascripts/releases
Share on: