Package impact
COMPOSER / facturascripts/facturascripts
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-27892 | medium | 6.5 | 6.5 | 21d ago | FacturaScripts Vulnerable to Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download | |
| CVE-2026-42879 | medium | 6.3 | 6.3 | 21d ago | FacturaScripts Vulnerable to Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images | |
| CVE-2026-32699 | medium | — | 5.5 | 1mo ago | FacturaScripts has Insecure Parameter Handling: Unauthorized Modification of Immutable 'nick' Field | |
| CVE-2026-42877 | medium | 5.4 | 5.4 | 21d ago | FacturaScripts vulnerable to stored XSS via product reference in sales/purchases | |
| CVE-2026-42878 | medium | 5.3 | 5.3 | 21d ago | FacturaScripts Vulnerable to Unauthenticated phpinfo() Disclosure via Installer Endpoint |