Stored XSS Vulnerability in FacturaScripts Affects Accounting Software by NeoRazorX
CVE-2026-42877

5.4 MEDIUM

Key Information:

Vendor: Neorazorx
CVE Published: 27 May 2026

What is CVE-2026-42877?

FacturaScripts, an open-source accounting and invoicing application, is susceptible to a stored cross-site scripting (XSS) vulnerability. An authenticated user with access to the warehouse module could craft a malicious product reference that, when triggered, executes arbitrary JavaScript in the browser of any user accessing the product search modal within invoices, orders, or delivery notes. This poses a significant security risk, because the attacker's scripts run in the context of another user's session.

Affected Version(s)

facturascripts <= 2025.92

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
