CNNVD-202602-053 Information

CNNVD ID

CNNVD-202602-053

Related CVE

CVE-2026-23997

• CNNVD Published: 2026-02-02

Description (Chinese)

FacturaScripts是西班牙Carlos Garcia个人开发者的一个开源 ERP 软件。 FacturaScripts 2025.71及之前版本存在跨站脚本漏洞，该漏洞源于History视图中历史数据渲染时未进行适当的HTML实体编码，可能导致存储型跨站脚本。

Description (English)

FacturaScripts is an open source ERP software for the Spanish personal developer Carlos Garcia. FacturaScripts 2025.71 and previous versions have a cross-site script loophole, which results from the fact that the historical data render is not properly coded for HTML, which may result in a storage-type cross-site script.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

个人开发者

Published

2026-02-02

Last Modified

2026-02-24

References

https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-4v7v-7v7r-3r5h https://access.redhat.com/security/cve/cve-2026-23997

Patch

https://github.com/NeoRazorX/facturascripts/releases