CVE-2026-27964
Status: Deferred - Pending Action
Reflected XSS in FacturaScripts via fsNick Cookie

Publication date: 2026-05-18

Last updated on: 2026-05-19

Assigner: GitHub, Inc.

Description
FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability through the fsNick cookie parameter. The application reflects the cookie's value directly into the HTML without sanitization. The fsNick cookie is rendered into the DOM without encoding. While the server does reject the modified session and forces a logout, the HTML containing the payload reaches the browser first. This lets the script execute immediately upon load, effectively beating the redirect. This issue has been fixed in version 2025.8.
Meta Information
Generated: 2026-05-20
AI Q&A: 2026-05-19
EPSS Evaluated: 2026-05-19
Affected Vendors & Products (2 associated CPEs)
Vendor          Product          Version / Range
facturascripts  facturascripts   up to 2025.8 (excluding)
facturascripts  facturascripts   2025.8
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Reflected Cross-Site Scripting (XSS) issue found in FacturaScripts versions 2025.7 and earlier. It occurs because the application takes the value of the fsNick cookie parameter and directly inserts it into the HTML page without sanitizing or encoding it. As a result, malicious scripts can be injected and executed in the user's browser when the page loads.

Although the server detects the modified session and forces a logout, the malicious script executes before the redirect happens, allowing the attack to succeed.

This vulnerability was fixed in version 2025.8 of FacturaScripts.


How can this vulnerability impact me?

This vulnerability can allow an attacker to execute arbitrary scripts in the context of the victim's browser session. This can lead to theft of sensitive information, such as cookies or session tokens, manipulation of the web page content, or performing actions on behalf of the user.

Since the malicious script runs before the user is logged out, it can effectively bypass some security measures and potentially compromise user data or session integrity.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves the fsNick cookie parameter being reflected unsanitized into the HTML, leading to a Reflected Cross-Site Scripting (XSS) issue. Detection would involve monitoring HTTP responses for the presence of the fsNick cookie value reflected in the HTML content without proper encoding.

Since no specific detection commands or tools are provided, a general approach would be to use web proxy tools like Burp Suite or curl to inspect HTTP responses for the reflection of the fsNick cookie value.

  • Use curl to send a request with a crafted fsNick cookie and observe the response: curl -v --cookie "fsNick=<script>alert(1)</script>" http://target-url/
  • Use a web proxy (e.g., Burp Suite) to intercept requests and responses, and check if the fsNick cookie value is reflected in the HTML response without encoding.
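The following Python check is an added example, not part of the original page or of FacturaScripts: it automates the curl step above with a benign marker instead of a script payload, keeps the first response instead of following the forced-logout redirect (the reflection lands in that first page), and reports whether the fsNick value came back unencoded. The target URL, the marker string and the sample response bodies are constructed assumptions.

```python
import html
import urllib.error
import urllib.request

# Constructed marker: uses only characters allowed in a cookie value (no quotes,
# semicolons or spaces) but includes HTML metacharacters so encoding is observable.
PROBE = "fsprobe<check>&"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow 3xx: the page we need is the one served before the logout redirect."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def classify_reflection(body: str, probe: str = PROBE) -> str:
    """Return 'unencoded' (vulnerable), 'encoded' (safe) or 'absent' (not reflected).

    A value encoded some other way (e.g. numeric entities) is reported as 'absent',
    which is still not the vulnerable case.
    """
    if probe in body:
        return "unencoded"
    if html.escape(probe) in body:
        return "encoded"
    return "absent"


def check_url(url: str, probe: str = PROBE, timeout: float = 10.0) -> str:
    """Send the marker as the fsNick cookie and classify the first response body."""
    req = urllib.request.Request(url, headers={"Cookie": f"fsNick={probe}"})
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        # A 3xx/4xx answer still carries the HTML body that the browser would render.
        body = err.read().decode("utf-8", "replace")
    return classify_reflection(body, probe)


# Constructed sample responses standing in for a vulnerable and a patched install.
VULNERABLE_BODY = (
    '<html><body><span class="user-nick">' + PROBE + "</span>"
    '<script>window.location = "/";</script></body></html>'
)
PATCHED_BODY = (
    '<html><body><span class="user-nick">' + html.escape(PROBE) + "</span></body></html>"
)
```

Run `check_url("https://your-facturascripts-host/")` against your own deployment; anything other than "unencoded" means the cookie value is not being inserted raw into the page.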

What immediate steps should I take to mitigate this vulnerability?

The vulnerability has been fixed in FacturaScripts version 2025.8. The immediate mitigation step is to upgrade the software to version 2025.8 or later.

Until the upgrade can be performed, consider implementing web application firewall (WAF) rules to block or sanitize requests containing malicious scripts in the fsNick cookie.

Additionally, instruct users to clear their cookies to avoid carrying malicious fsNick cookie values.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify how the Reflected Cross-Site Scripting (XSS) vulnerability in FacturaScripts impacts compliance with common standards and regulations such as GDPR or HIPAA.

