facturascripts/facturascripts Security Advisories for v2022.08 (7)
- [HIGH] FacturaScripts has SQL Injection in Autocomplete Actions
PKSA-gc7x-dnq3-tkv9 CVE-2026-25514 GHSA-pqqg-5f4f-8952
Affected version: <2025.81
Reported by: GitHub
- [HIGH] FacturaScripts has SQL Injection in API ORDER BY Clause
PKSA-tnd6-5wk6-f448 CVE-2026-25513 GHSA-cjfx-qhwm-hf99
Affected version: <2025.81
Reported by: GitHub
- [HIGH] FacturaScripts has Stored Cross-Site Scripting (XSS) in "Observations" field via History View
PKSA-xpcq-5crs-c78v CVE-2026-23997 GHSA-4v7v-7v7r-3r5h
Affected version: <=2025.71
Reported by: GitHub
- [MEDIUM] FacturaScripts is Vulnerable to Reflected XSS
PKSA-qkt1-mscz-6n4p CVE-2026-23476 GHSA-g6w2-q45f-xrp4
Affected version: <2025.81
Reported by: GitHub
- [HIGH] FacturaScripts is Vulnerable to Stored Cross-Site Scripting (XSS) via XML File Upload
PKSA-5rds-6cgc-6zg4 CVE-2025-69210 GHSA-2267-xqcf-gw2m
Affected version: <=2025.4|=2025.43|=2025.41|=2025.11
Reported by: GitHub
- [MEDIUM] Cross-site Scripting in FacturaScripts
PKSA-y9jr-nh92-xscm CVE-2022-2016 GHSA-j8c7-3jpq-8985
Affected version: <=2022.08
Reported by: GitHub
- [MEDIUM] Cross-site Scripting in FacturaScripts
PKSA-8jw7-xw28-wxz7 CVE-2022-1988 GHSA-r7jw-mg27-j839
Affected version: <=2022.08
Reported by: GitHub