CVE-2026-42877 (GCVE-0-2026-42877)
Vulnerability from cvelistv5 – Published: 2026-05-27 18:37 – Updated: 2026-05-28 15:15
VLAI
Title
FacturaScripts: Stored XSS via product reference in sales/purchases
Summary
FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales (Core/Lib/AjaxForms/SalesModalHTML.php) and purchases documents (Core/Lib/AjaxForms/PurchasesModalHTML.php). An authenticated user with access to the warehouse module can create a product with a malicious reference that executes arbitrary JavaScript in the browser of any other user who opens the product search modal inside an invoice, order, or delivery note.
Severity
5.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/NeoRazorX/facturascripts/secur… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NeoRazorX | facturascripts |
Affected:
<= 2025.92
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42877",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T15:13:50.730745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T15:15:20.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-r736-2678-fcrx"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "facturascripts",
"vendor": "NeoRazorX",
"versions": [
{
"status": "affected",
"version": "\u003c= 2025.92"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales (Core/Lib/AjaxForms/SalesModalHTML.php) and purchases documents (Core/Lib/AjaxForms/PurchasesModalHTML.php). An authenticated user with access to the warehouse module can create a product with a malicious reference that executes arbitrary JavaScript in the browser of any other user who opens the product search modal inside an invoice, order, or delivery note."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T18:37:06.291Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-r736-2678-fcrx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-r736-2678-fcrx"
}
],
"source": {
"advisory": "GHSA-r736-2678-fcrx",
"discovery": "UNKNOWN"
},
"title": "FacturaScripts: Stored XSS via product reference in sales/purchases"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42877",
"datePublished": "2026-05-27T18:37:06.291Z",
"dateReserved": "2026-04-30T18:49:06.711Z",
"dateUpdated": "2026-05-28T15:15:20.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-42877",
"date": "2026-06-11",
"epss": "0.00029",
"percentile": "0.08901"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-42877\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-27T20:16:36.673\",\"lastModified\":\"2026-05-29T15:29:42.387\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales (Core/Lib/AjaxForms/SalesModalHTML.php) and purchases documents (Core/Lib/AjaxForms/PurchasesModalHTML.php). An authenticated user with access to the warehouse module can create a product with a malicious reference that executes arbitrary JavaScript in the browser of any other user who opens the product search modal inside an invoice, order, or delivery note.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-r736-2678-fcrx\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-r736-2678-fcrx\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-42877\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-28T15:13:50.730745Z\"}}}], \"references\": [{\"url\": \"https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-r736-2678-fcrx\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-28T15:14:06.784Z\"}}], \"cna\": {\"title\": \"FacturaScripts: Stored XSS via product reference in sales/purchases\", \"source\": {\"advisory\": \"GHSA-r736-2678-fcrx\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"NeoRazorX\", \"product\": \"facturascripts\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c= 2025.92\"}]}], \"references\": [{\"url\": \"https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-r736-2678-fcrx\", \"name\": \"https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-r736-2678-fcrx\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales (Core/Lib/AjaxForms/SalesModalHTML.php) and purchases documents (Core/Lib/AjaxForms/PurchasesModalHTML.php). An authenticated user with access to the warehouse module can create a product with a malicious reference that executes arbitrary JavaScript in the browser of any other user who opens the product search modal inside an invoice, order, or delivery note.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-27T18:37:06.291Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-42877\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-28T15:15:20.904Z\", \"dateReserved\": \"2026-04-30T18:49:06.711Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-27T18:37:06.291Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-42877
Vulnerability from fkie_nvd - Published: 2026-05-27 20:16 - Updated: 2026-05-29 15:29
Severity
Summary
FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales (Core/Lib/AjaxForms/SalesModalHTML.php) and purchases documents (Core/Lib/AjaxForms/PurchasesModalHTML.php). An authenticated user with access to the warehouse module can create a product with a malicious reference that executes arbitrary JavaScript in the browser of any other user who opens the product search modal inside an invoice, order, or delivery note.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales (Core/Lib/AjaxForms/SalesModalHTML.php) and purchases documents (Core/Lib/AjaxForms/PurchasesModalHTML.php). An authenticated user with access to the warehouse module can create a product with a malicious reference that executes arbitrary JavaScript in the browser of any other user who opens the product search modal inside an invoice, order, or delivery note."
}
],
"id": "CVE-2026-42877",
"lastModified": "2026-05-29T15:29:42.387",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-05-27T20:16:36.673",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-r736-2678-fcrx"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-r736-2678-fcrx"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-R736-2678-FCRX
Vulnerability from github – Published: 2026-05-07 19:37 – Updated: 2026-06-08 23:53
VLAI
Summary
FacturaScripts vulnerable to stored XSS via product reference in sales/purchases
Details
Summary
A stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales and purchases documents. An authenticated user with access to the warehouse module can create a product with a malicious reference that executes arbitrary JavaScript in the browser of any other user who opens the product search modal inside an invoice, order, or delivery note.
Affected files
Core/Lib/AjaxForms/SalesModalHTML.phpCore/Lib/AjaxForms/PurchasesModalHTML.php
Vulnerability details
The referencia field of a product variant is injected directly into an HTML onclick attribute string without JavaScript context escaping:
// SalesModalHTML.php ~line 102
$tbody .= '<tr onclick="return salesFormAction(\'add-product\', \''
. $row['referencia'] // no htmlspecialchars() applied
. '\');">';
When a product is saved, noHtml() encodes ' → '. This appears safe in static HTML context. However, the modal HTML is later returned as a JSON response and inserted into the DOM via innerHTML:
// SalesDocument.html.twig line 118
document.getElementById("findProductList").innerHTML = data.products;
The browser HTML parser decodes ' → ' during the innerHTML assignment, breaking out of the JavaScript string literal in the onclick attribute and executing the injected code.
Attack payload stored in database: x'+alert(1)+'
Resulting onclick after innerHTML decode:
return salesFormAction('add-product', 'x'+alert(1)+'')
// ^^^^^^^^^^ executes before the function call
Steps to reproduce
Step 1 — Inject the payload
- Log in as a user with write access to Warehouse → Products
- Navigate to
/EditProductoand create a new product with the following values:
| Field | Value |
|---|---|
| Reference | x'+alert(1)+' |
| Description | test |
- Save the product
Step 2 — Trigger the XSS
- Make sure at least one customer exists in the system (Sales → Customers)
- Navigate to
/EditFacturaCliente?codcliente=<customer_code> - In the invoice form, click the product search button next to the "Referencia" field
- Click on the 'malicious' product
alert(1)
Impact
Although session cookies (fsLogkey, fsNick) have the HttpOnly flag set and cannot be read directly via document.cookie, the injected script runs in the victim's authenticated browser context, meaning the attacker can make arbitrary authenticated requests on their behalf, create new admin users via AJAX POST to /EditUser, exfiltrate any business data visible in the DOM, or redirect the user to an external site. The most critical scenario is privilege escalation: a low-privilege employee with only warehouse
access can execute JavaScript in an administrator's session without knowing their password.
Recommended fix
Apply htmlspecialchars() with ENT_QUOTES before inserting referencia into the onclick attribute in both affected files.
Core/Lib/AjaxForms/SalesModalHTML.php
// Before (vulnerable):
$tbody .= '<tr onclick="return salesFormAction(\'add-product\', \''
. $row['referencia']
. '\');">';
// After (safe):
$tbody .= '<tr onclick="return salesFormAction(\'add-product\', \''
. htmlspecialchars($row['referencia'], ENT_QUOTES, 'UTF-8')
. '\');">';
Core/Lib/AjaxForms/PurchasesModalHTML.php
Apply the same change to the equivalent line.
Why ENT_QUOTES is required: ENT_QUOTES encodes both " and ' characters. This ensures that ' is stored as ' and — critically — remains ' after innerHTML assignment, because htmlspecialchars produces a form that the HTML parser does not decode back into a raw quote inside a JS string context.
Alternative mitigation: replace innerHTML with innerText or a DOM-based rendering approach that never parses injected strings as HTML. This would eliminate the entire class of HTML-injection-via-innerHTML vulnerabilities in the sales and purchases
forms.
Credits
Omar Ramirez
Severity
5.4 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "facturascripts/facturascripts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2025.92"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42877"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-07T19:37:08Z",
"nvd_published_at": "2026-05-27T20:16:36Z",
"severity": "MODERATE"
},
"details": "## Summary\n\nA stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales and purchases documents. An authenticated user with access to the warehouse module can create a product with a malicious reference that executes arbitrary JavaScript in the browser of any other user who opens the product search modal inside an invoice, order, or delivery note.\n\n## Affected files\n\n- `Core/Lib/AjaxForms/SalesModalHTML.php`\n- `Core/Lib/AjaxForms/PurchasesModalHTML.php`\n\n## Vulnerability details\n\nThe `referencia` field of a product variant is injected directly into an HTML `onclick` attribute string without JavaScript context escaping:\n\n```php\n// SalesModalHTML.php ~line 102\n$tbody .= \u0027\u003ctr onclick=\"return salesFormAction(\\\u0027add-product\\\u0027, \\\u0027\u0027\n . $row[\u0027referencia\u0027] // no htmlspecialchars() applied\n . \u0027\\\u0027);\"\u003e\u0027;\n```\n\nWhen a product is saved, `noHtml()` encodes `\u0027` \u2192 `\u0026#39;`. This appears safe in static HTML context. However, the modal HTML is later returned as a JSON response and inserted into the DOM via `innerHTML`:\n\n```javascript\n// SalesDocument.html.twig line 118\ndocument.getElementById(\"findProductList\").innerHTML = data.products;\n```\n\nThe browser HTML parser decodes `\u0026#39;` \u2192 `\u0027` during the `innerHTML` assignment, breaking out of the JavaScript string literal in the `onclick` attribute and executing the injected code.\n\n**Attack payload stored in database:** `x\u0026#39;+alert(1)+\u0026#39;`\n\n**Resulting `onclick` after `innerHTML` decode:**\n```javascript\nreturn salesFormAction(\u0027add-product\u0027, \u0027x\u0027+alert(1)+\u0027\u0027)\n// ^^^^^^^^^^ executes before the function call\n```\n\n## Steps to reproduce\n\n**Step 1 \u2014 Inject the payload**\n\n1. Log in as a user with write access to Warehouse \u2192 Products\n2. Navigate to `/EditProducto` and create a new product with the following values:\n\n| Field | Value |\n|---|---|\n| Reference | `x\u0027+alert(1)+\u0027` |\n| Description | `test` |\n\n3. Save the product\n\n**Step 2 \u2014 Trigger the XSS**\n\n1. Make sure at least one customer exists in the system (Sales \u2192 Customers)\n2. Navigate to `/EditFacturaCliente?codcliente=\u003ccustomer_code\u003e`\n3. In the invoice form, click the product search button next to the \"Referencia\" field\n4. Click on the \u0027malicious\u0027 product `alert(1)`\n\n\u003cimg width=\"1162\" height=\"536\" alt=\"image\" src=\"https://github.com/user-attachments/assets/aaa2879e-c1fb-4af9-8501-bac03ca24ffe\" /\u003e\n\n\n## Impact\n\nAlthough session cookies (`fsLogkey`, `fsNick`) have the `HttpOnly` flag set and cannot be read directly via `document.cookie`, the injected script runs in the victim\u0027s authenticated browser context, meaning the attacker can make arbitrary authenticated requests on their behalf, create new admin users via AJAX POST to `/EditUser`, exfiltrate any business data visible in the DOM, or redirect the user to an external site. The most critical scenario is privilege escalation: a low-privilege employee with only warehouse\naccess can execute JavaScript in an administrator\u0027s session without knowing their password.\n\n## Recommended fix\n\nApply `htmlspecialchars()` with `ENT_QUOTES` before inserting `referencia` into the `onclick` attribute in both affected files.\n\n**`Core/Lib/AjaxForms/SalesModalHTML.php`**\n\n```php\n// Before (vulnerable):\n$tbody .= \u0027\u003ctr onclick=\"return salesFormAction(\\\u0027add-product\\\u0027, \\\u0027\u0027\n . $row[\u0027referencia\u0027]\n . \u0027\\\u0027);\"\u003e\u0027;\n\n// After (safe):\n$tbody .= \u0027\u003ctr onclick=\"return salesFormAction(\\\u0027add-product\\\u0027, \\\u0027\u0027\n . htmlspecialchars($row[\u0027referencia\u0027], ENT_QUOTES, \u0027UTF-8\u0027)\n . \u0027\\\u0027);\"\u003e\u0027;\n```\n\n**`Core/Lib/AjaxForms/PurchasesModalHTML.php`**\n\nApply the same change to the equivalent line.\n\n**Why `ENT_QUOTES` is required:** `ENT_QUOTES` encodes both `\"` and `\u0027` characters. This ensures that `\u0027` is stored as `\u0026#39;` and \u2014 critically \u2014 remains `\u0026#39;` after `innerHTML` assignment, because `htmlspecialchars` produces a form that the HTML parser does not decode back into a raw quote inside a JS string context.\n\n**Alternative mitigation:** replace `innerHTML` with `innerText` or a DOM-based rendering approach that never parses injected strings as HTML. This would eliminate the entire class of HTML-injection-via-innerHTML vulnerabilities in the sales and purchases\nforms.\n\n## Credits\nOmar Ramirez",
"id": "GHSA-r736-2678-fcrx",
"modified": "2026-06-08T23:53:15Z",
"published": "2026-05-07T19:37:08Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-r736-2678-fcrx"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42877"
},
{
"type": "PACKAGE",
"url": "https://github.com/NeoRazorX/facturascripts"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "FacturaScripts vulnerable to stored XSS via product reference in sales/purchases"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…