
CVE-2025-69210: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in NeoRazorX facturascripts

Severity: Low
Published: Tue Dec 30 2025 (12/30/2025, 19:23:31 UTC)
Source: CVE Database V5
Vendor/Project: NeoRazorX
Product: facturascripts

Description

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.7, a stored cross-site scripting (XSS) vulnerability exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. These files are later rendered by the application without sufficient sanitization or content-type enforcement, allowing arbitrary JavaScript execution when the file is accessed. Because product files uploaded by regular users are visible to administrative users, this vulnerability can be leveraged to execute malicious JavaScript in an administrator’s browser session. Version 2025.7 fixes the issue.

AI-Powered Analysis

Last updated: 12/30/2025, 22:26:24 UTC

Technical Analysis

FacturaScripts is an open-source ERP and accounting software widely used by small and medium enterprises. The vulnerability CVE-2025-69210 is a stored cross-site scripting (XSS) flaw found in the product file upload functionality prior to version 2025.7. Authenticated users can upload XML files that contain embedded JavaScript code. When these files are accessed and rendered by the application, the JavaScript executes in the context of the web application without sufficient input sanitization or enforcement of content-type headers. This improper neutralization of input during web page generation corresponds to CWE-79. The attack vector requires authentication and user interaction, specifically an administrator or privileged user viewing the malicious file. Because administrative users typically have elevated privileges, the execution of arbitrary JavaScript could lead to session hijacking, credential theft, or further exploitation within the application. The vulnerability has a low CVSS score (1.2) due to the limited scope and required conditions but remains a concern in environments where multiple user roles exist and file sharing is common. No known exploits are currently reported in the wild. The vendor fixed the issue in version 2025.7 by implementing proper input sanitization and content-type enforcement to prevent script execution from uploaded files.

Potential Impact

For European organizations using FacturaScripts versions prior to 2025.7, this vulnerability could allow malicious authenticated users to execute arbitrary JavaScript in the browsers of administrative users. This could lead to session hijacking, unauthorized actions performed with admin privileges, or theft of sensitive financial and operational data managed within the ERP system. Given that FacturaScripts is used in accounting and enterprise resource planning, compromise of administrative sessions could disrupt business operations, lead to financial fraud, or expose confidential information. However, the impact is somewhat limited by the need for attacker authentication and user interaction. Organizations with multiple user roles and file sharing workflows are at higher risk. The vulnerability could be exploited in targeted attacks, especially in environments where internal threat actors or compromised user credentials exist. The low CVSS score reflects the limited attack surface and exploitation complexity, but the potential impact on confidentiality and integrity of financial data remains significant for affected organizations.

Mitigation Recommendations

1. Immediately upgrade FacturaScripts to version 2025.7 or later, where the vulnerability is patched.
2. Implement strict access controls and monitoring on user accounts with file upload permissions to reduce the risk of malicious file uploads.
3. Restrict file types allowed for upload and enforce server-side content-type validation to prevent execution of embedded scripts.
4. Educate administrative users to be cautious when accessing uploaded files, especially those from less trusted users.
5. Employ Content Security Policy (CSP) headers to limit the impact of any injected scripts by restricting script sources.
6. Regularly audit logs for suspicious file uploads or unusual administrator activity.
7. Consider isolating the ERP application environment to limit lateral movement if exploitation occurs.
8. Use web application firewalls (WAFs) with rules to detect and block malicious payloads in file uploads.

These steps go beyond generic advice by focusing on controlling file upload vectors, user role restrictions, and layered defenses.
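Recommendations 3 and 5 above describe the two server-side controls that close this class of stored XSS: validate the upload on the way in, and never let the browser render a stored upload as a document on the way out. The following is an added example illustrating both controls; it is not FacturaScripts code and does not reflect how version 2025.7 implements its fix. The function names (validate_upload, response_headers), the extension allowlist, the script-marker heuristic and the sample files are all constructed for this demonstration.

```python
import re

# Upload allowlist (constructed for this example): extension -> (type the server
# records, Content-Type values a browser may legitimately declare for it).
ALLOWED_TYPES = {
    "pdf": ("application/pdf", {"application/pdf"}),
    "png": ("image/png", {"image/png"}),
    "jpg": ("image/jpeg", {"image/jpeg"}),
    "csv": ("text/csv", {"text/csv"}),
    # XML is kept because product/e-invoice data needs it; see ACTIVE_TYPES below.
    "xml": ("application/xml", {"application/xml", "text/xml"}),
}

# Types a browser will interpret as an active document when shown inline. A
# generic XML file can embed XHTML <script> or SVG event handlers, so it belongs here.
ACTIVE_TYPES = {
    "text/html", "application/xhtml+xml", "image/svg+xml", "text/xml", "application/xml",
}

# Heuristic markers showing that an "XML data file" is really a script-bearing
# document. Used only to reject at upload time; serving relies on headers, not on this.
SCRIPT_MARKERS = re.compile(
    rb"<script\b|\son[a-z]+\s*=|javascript:|<svg\b|<html\b|1999/xhtml", re.IGNORECASE
)


def validate_upload(filename: str, declared_type: str, data: bytes):
    """Server-side upload check. Returns (accepted, stored_type_or_reason)."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    entry = ALLOWED_TYPES.get(ext)
    if entry is None:
        return False, f"extension '{ext}' not allowed"
    stored_type, accepted_declared = entry
    # The client-supplied Content-Type is untrusted; it must agree with the extension.
    declared = declared_type.split(";")[0].strip().lower()
    if declared not in accepted_declared:
        return False, "declared content type does not match extension"
    # XML carrying markup or script markers is not product data: reject it outright.
    if stored_type in ACTIVE_TYPES and SCRIPT_MARKERS.search(data[:65536]):
        return False, "active content found in XML upload"
    return True, stored_type


def response_headers(filename: str, stored_type: str):
    """Headers for serving a stored upload back to any user, administrators included."""
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    headers = {
        # Always a download, never rendered inline in the application's origin.
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        # Forbid MIME sniffing, so the browser cannot "upgrade" the file to HTML.
        "X-Content-Type-Options": "nosniff",
        # Defence in depth: even if rendered, no script runs and no origin is shared.
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }
    # Active types are served as opaque bytes so they are never parsed as documents.
    headers["Content-Type"] = (
        "application/octet-stream" if stored_type in ACTIVE_TYPES else stored_type
    )
    return headers


if __name__ == "__main__":
    # Constructed sample uploads: a legitimate invoice and an XHTML-in-XML file.
    invoice = b"<?xml version='1.0'?><invoice><total>10.00</total></invoice>"
    xhtml = b"<?xml version='1.0'?><html xmlns='http://www.w3.org/1999/xhtml'><script></script></html>"
    print(validate_upload("invoice.xml", "text/xml", invoice))
    print(validate_upload("invoice.xml", "text/xml", xhtml))
    print(response_headers("invoice.xml", "application/xml"))
```

The upload-time heuristic is deliberately secondary: the durable control is the response side, where `Content-Disposition: attachment`, `nosniff` and the sandboxing CSP mean that even a file the heuristic missed is never executed in the administrator's session. Serving uploads from a separate origin (a dedicated files subdomain) strengthens this further, since any script that did run would then have no access to the application's cookies or DOM.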


Technical Details

Data Version
5.2
Assigner Short Name
GitHub_M
Date Reserved
2025-12-29T14:59:45.106Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 695450a1db813ff03e2be029

Added to database: 12/30/2025, 10:22:25 PM

Last enriched: 12/30/2025, 10:26:24 PM

Last updated: 1/8/2026, 7:22:42 AM

