VETTRIVEL U

3 exploits Active since Nov 2025
CVE-2025-69210 EXPLOITDB MEDIUM text WORKING POC
FacturaScripts < 2025.7 - XSS
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.7, a stored cross-site scripting (XSS) vulnerability exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. These files are later rendered by the application without sufficient sanitization or content-type enforcement, allowing arbitrary JavaScript execution when the file is accessed. Because product files uploaded by regular users are visible to administrative users, this vulnerability can be leveraged to execute malicious JavaScript in an administrator’s browser session. Version 2025.7 fixes the issue.
CVSS 5.4
CVE-2025-64049 WRITEUP MEDIUM WRITEUP
Redaxo < 5.20.1 - XSS
A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding a slice that uses the compromised module.
CVSS 4.8
CVE-2025-64050 WRITEUP HIGH WRITEUP
Redaxo < 5.20.1 - Code Injection
A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages using the compromised template.
CVSS 7.2