Количество 3
Количество 3
CVE-2026-23476
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to 2025.8, there a reflected XSS bug in FacturaScripts. The problem is in how error messages get displayed. Twig's | raw filter is used, which skips HTML escaping. When triggering a database error (like passing a string where an integer is expected), the error message includes the input and gets rendered without sanitization. This vulnerability is fixed in 2025.8.
CVE-2026-23476
FacturaScripts is open-source enterprise resource planning and account ...
GHSA-g6w2-q45f-xrp4
FacturaScripts is Vulnerable to Reflected XSS
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-23476 FacturaScripts is open-source enterprise resource planning and accounting software. Prior to 2025.8, there a reflected XSS bug in FacturaScripts. The problem is in how error messages get displayed. Twig's | raw filter is used, which skips HTML escaping. When triggering a database error (like passing a string where an integer is expected), the error message includes the input and gets rendered without sanitization. This vulnerability is fixed in 2025.8. | CVSS3: 5.4 | 0% Низкий | 7 дней назад |
| CVE-2026-23476 FacturaScripts is open-source enterprise resource planning and account ... | CVSS3: 5.4 | 0% Низкий | 7 дней назад |
| GHSA-g6w2-q45f-xrp4 FacturaScripts is Vulnerable to Reflected XSS | CVSS3: 5.4 | 0% Низкий | 7 дней назад |
Уязвимостей на страницу