216.73.217.47

CVE-2026-32699

· Published 05/05/2026 20:16 · Modified 05/05/2026 20:16

Labels: CVE-2026-32699 2026-05-05CVE-2026-32699CWE-472[email protected]

Essential information

Published
05/05/2026 20:16
Modified
05/05/2026 20:16
Author
Creator
CVSS
5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

FacturaScripts is an open source accounting and invoicing software. In versions 2025.92 and earlier, the application fails to validate the nick parameter during a POST request to the EditUser controller. Although the user interface prevents editing this field, a user can bypass this restriction by intercepting the request and modifying the nick form-data parameter to rename any account, including the administrator account. This leads to unauthorized modification of a field intended to be immutable.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
facturascripts / facturascripts cpe:2.3:a:facturascripts:facturascripts:<2025.92:*:*:*:*:*:*:*

References