| CVE-2026-27891 |
high |
7.2 |
7.2 |
|
|
|
27d ago |
FacturaScripts Vulnerable to Remote Code Execution (RCE) via Zip Slip in Plugin Upload Mechanism |
| CVE-2026-27892 |
medium |
6.5 |
6.5 |
|
|
|
27d ago |
FacturaScripts Vulnerable to Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download |
| CVE-2026-42879 |
medium |
6.3 |
6.3 |
|
|
|
27d ago |
FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload func… |
| CVE-2026-32699 |
medium |
— |
5.5 |
|
|
|
1mo ago |
FacturaScripts has Insecure Parameter Handling: Unauthorized Modification of Immutable 'nick' Field |
| CVE-2026-42877 |
medium |
5.4 |
5.4 |
|
|
|
27d ago |
FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales (Core/Lib/Aja… |
| CVE-2026-42878 |
medium |
5.3 |
5.3 |
|
|
|
27d ago |
FacturaScripts is an open source accounting and invoicing software. Prior to v2026, an unauthenticated information disclosure vulnerability in the Installer controller allows any remote attacker to t… |
| CVE-2026-27964 |
low |
3.9 |
3.9 |
|
|
|
27d ago |
FacturaScripts vulnerable to Reflected Cross-Site Scripting (XSS) via Cookie Manipulation |
| CVE-2025-69210 |
unknown |
— |
1.0 |
|
|
|
5mo ago |
FacturaScripts is Vulnerable to Stored Cross-Site Scripting (XSS) via XML File Upload |
| CVE-2026-25514 |
unknown |
— |
— |
|
|
|
4mo ago |
FacturaScripts has SQL Injection in Autocomplete Actions |
| CVE-2026-25513 |
unknown |
— |
— |
|
|
|
4mo ago |
FacturaScripts has SQL Injection in API ORDER BY Clause |
| CVE-2026-23997 |
unknown |
— |
— |
|
|
|
4mo ago |
FacturaScripts has Stored Cross-Site Scripting (XSS) in "Observations" field via History View |
| CVE-2026-23476 |
unknown |
— |
— |
|
|
|
4mo ago |
FacturaScripts is Vulnerable to Reflected XSS |
| CVE-2022-2066 |
unknown |
— |
— |
|
|
|
4y ago |
Cross site scripting in facturascripts |
| CVE-2022-2065 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-site Scripting in FacturaScripts |
| CVE-2022-2016 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-site Scripting in FacturaScripts |
| CVE-2022-1988 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-site Scripting in FacturaScripts |
| CVE-2022-1715 |
unknown |
— |
— |
|
|
|
4y ago |
Account takeover in facturascripts |
| CVE-2022-1682 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-site Scripting in facturascripts |
| CVE-2022-1571 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-site Scripting in FacturaScripts |
| CVE-2022-1514 |
unknown |
— |
— |
|
|
|
4y ago |
Cross site scripting in FacturaScripts |
