Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FacturaScripts has a Stored Cross-Site Scripting (XSS) in "Observations" field via History View
Vulnerability Description
FacturaScripts is open-source enterprise resource planning and accounting software. In 2025.71 and earlier, a Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Observations field. The flaw occurs in the History view, where historical data is rendered without proper HTML entity encoding. This allows an attacker to execute arbitrary JavaScript in the browser of viewing the history by administrators.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
FacturaScripts 跨站脚本漏洞
Vulnerability Description
FacturaScripts是西班牙Carlos Garcia个人开发者的一个开源 ERP 软件。 FacturaScripts 2025.71及之前版本存在跨站脚本漏洞,该漏洞源于History视图中历史数据渲染时未进行适当的HTML实体编码,可能导致存储型跨站脚本。
CVSS Information
N/A
Vulnerability Type
N/A