📦 Facturascripts

by Facturascripts

⚠️ Known Vulnerabilities

CVE-2022-1715

CRITICAL CVSS 9.8 May 13, 2022

This vulnerability allows attackers to take over user accounts in FacturaScripts, an open-source billing and accounting software. Attackers can compromise accounts without authentication, potentially ...

CVE-2026-25514

HIGH CVSS 8.8 Feb 4, 2026

FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data including user credentials, configuration...

CVE-2026-25513

HIGH CVSS 8.8 Feb 4, 2026

FacturaScripts contains a critical SQL injection vulnerability in its REST API that allows authenticated API users to execute arbitrary SQL queries through the sort parameter. This affects all API end...

CVE-2026-23997

HIGH CVSS 8.0 Feb 2, 2026

A stored XSS vulnerability in FacturaScripts allows attackers to inject malicious JavaScript into the Observations field, which executes when administrators view the History section. This affects all ...

CVE-2026-23476

MEDIUM CVSS 5.4 Feb 2, 2026

This reflected XSS vulnerability in FacturaScripts allows attackers to inject malicious scripts into error messages that get executed in users' browsers. It affects all FacturaScripts installations pr...

CVE-2025-69210

MEDIUM CVSS 5.4 Dec 30, 2025

FacturaScripts versions before 2025.7 contain a stored cross-site scripting (XSS) vulnerability in the file upload functionality. Authenticated users can upload malicious XML files containing JavaScri...