CNNVD-202602-056 Information
CNNVD ID
CNNVD-202602-056
Related CVE
- CNNVD Published: 2026-02-02
Description (Chinese)
FacturaScripts是西班牙Carlos Garcia个人开发者的一个开源 ERP 软件。 FacturaScripts 2025.8之前版本存在跨站脚本漏洞,该漏洞源于错误消息显示时使用raw过滤器跳过HTML转义,可能导致反射型跨站脚本。
Description (English)
FacturaScripts is an open source ERP software for the Spanish personal developer Carlos Garcia. The pre-FacturaScripts 2025.8 has a cross-site script loophole, which results from the use of a raw filter to skip the HTML conversion when the error message shows, which may result in a reflector-type cross-site script.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
个人开发者
Published
2026-02-02
Last Modified
2026-02-24
References
https://github.com/NeoRazorX/facturascripts/releases/tag/v2025.8 https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-g6w2-q45f-xrp4 https://github.com/NeoRazorX/facturascripts/commit/2afd98cecd26c5f8357e0e321d86063ad1012fc3 https://access.redhat.com/security/cve/cve-2026-23476
Patch
https://github.com/NeoRazorX/facturascripts/releases
Share on: