XSS in Neorazorx Facturascripts

CVE-2025-69210

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.7, a stored cross-site scripting (XSS) vulnerability exists in the product file upload functionality. Authenticated users can upload…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (5.2th percentile) — read the EPSS interpretation.

Affected products

Neorazorx Facturascripts — versions < 2025.7

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-2267-xqcf-gw2m (x_refsource_CONFIRM)
https://facturascripts.com/publicaciones/ya-disponible-facturascripts-2025-7 (x_refsource_MISC)
https://github.com/NeoRazorX/facturascripts/releases/tag/v2025.7 (x_refsource_MISC)