VIR Vulnerability Intelligence Relay

Package impact

php Packagist / facturascripts/facturascripts

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-27891 high 7.2 7.2 20d ago FacturaScripts Vulnerable to Remote Code Execution (RCE) via Zip Slip in Plugin Upload Mechanism php
CVE-2026-27892 medium 6.5 6.5 20d ago FacturaScripts Vulnerable to Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download php
CVE-2026-42879 medium 6.3 6.3 20d ago FacturaScripts Vulnerable to Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images php
CVE-2026-32699 medium 5.5 29d ago FacturaScripts has Insecure Parameter Handling: Unauthorized Modification of Immutable 'nick' Field php
CVE-2026-42877 medium 5.4 5.4 20d ago FacturaScripts vulnerable to stored XSS via product reference in sales/purchases php
CVE-2026-42878 medium 5.3 5.3 20d ago FacturaScripts Vulnerable to Unauthenticated phpinfo() Disclosure via Installer Endpoint php
CVE-2026-27964 low 3.9 3.9 20d ago FacturaScripts vulnerable to Reflected Cross-Site Scripting (XSS) via Cookie Manipulation php
CVE-2026-25514 unknown 4mo ago FacturaScripts has SQL Injection in Autocomplete Actions php
CVE-2026-25513 unknown 4mo ago FacturaScripts has SQL Injection in API ORDER BY Clause php
CVE-2026-23997 unknown 4mo ago FacturaScripts has Stored Cross-Site Scripting (XSS) in "Observations" field via History View php
CVE-2026-23476 unknown 4mo ago FacturaScripts is Vulnerable to Reflected XSS php
CVE-2025-69210 unknown 5mo ago FacturaScripts is Vulnerable to Stored Cross-Site Scripting (XSS) via XML File Upload php
CVE-2022-2066 unknown 4y ago Cross site scripting in facturascripts php
CVE-2022-2065 unknown 4y ago Cross-site Scripting in FacturaScripts php
CVE-2022-2016 unknown 4y ago Cross-site Scripting in FacturaScripts php
CVE-2022-1988 unknown 4y ago Cross-site Scripting in FacturaScripts php
CVE-2022-1715 unknown 4y ago Account takeover in facturascripts php
CVE-2022-1682 unknown 4y ago Cross-site Scripting in facturascripts php
CVE-2022-1571 unknown 4y ago Cross-site Scripting in FacturaScripts php
CVE-2022-1514 unknown 4y ago Cross site scripting in FacturaScripts php