CVE-2026-32699
FacturaScripts unauthorized modification of immutable nick field via EditUser controller
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
FacturaScripts is an open source accounting and invoicing software. In versions 2025.92 and earlier, the application fails to validate the nick parameter during a POST request to the EditUser controller. Although the user interface prevents editing this field, a user can bypass this restriction by intercepting the request and modifying the nick form-data parameter to rename any account, including the administrator account. This leads to unauthorized modification of a field intended to be immutable.
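
The server-side check whose absence is described above, as an added example (not FacturaScripts code and not the project's fix). The function name, the `email` and `langcode` fields, and the sample records are hypothetical; only the `nick` field comes from the advisory.

```php
<?php
declare(strict_types=1);

// Hypothetical field lists for illustration; only 'nick' is named in the advisory.
const IMMUTABLE_USER_FIELDS = ['nick'];
const EDITABLE_USER_FIELDS = ['email', 'langcode'];

/**
 * Apply submitted form data to a stored user record.
 * Only allow-listed fields are copied. A submitted value for an immutable
 * field that differs from the stored value is rejected, regardless of
 * whether the UI rendered that field as read-only.
 */
function applyUserEdit(array $stored, array $post): array
{
    foreach (IMMUTABLE_USER_FIELDS as $field) {
        // Strict comparison also rejects non-string input such as nick[]=x.
        if (array_key_exists($field, $post) && $post[$field] !== $stored[$field]) {
            throw new InvalidArgumentException("field '$field' cannot be changed");
        }
    }
    $updated = $stored;
    foreach (EDITABLE_USER_FIELDS as $field) {
        if (array_key_exists($field, $post) && is_string($post[$field])) {
            $updated[$field] = trim($post[$field]);
        }
    }
    return $updated;
}

// Constructed sample record.
$stored = ['nick' => 'admin', 'email' => 'admin@example.test', 'langcode' => 'en_EN'];

// Legitimate edit: the form echoes nick back unchanged and updates the email.
$ok = applyUserEdit($stored, ['nick' => 'admin', 'email' => 'ops@example.test']);
echo "accepted: nick={$ok['nick']} email={$ok['email']}\n";

// Tampered request: the submitted nick differs from the stored value.
try {
    applyUserEdit($stored, ['nick' => 'renamed', 'email' => 'ops@example.test']);
    echo "tampered request accepted\n";
} catch (InvalidArgumentException $e) {
    // Logging the rejection gives defenders a signal that form data was altered.
    error_log('user edit rejected: ' . $e->getMessage());
    echo "rejected: {$e->getMessage()}\n";
}
```

The allow-list means a field added to the model later is not writable from the form until it is listed explicitly.
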
| CWE | CWE-472 |
| Vendor | neorazorx |
| Product | facturascripts |
| Published | May 5, 2026 |
| Last Updated | May 5, 2026 |
Affected Versions
NeoRazorX / facturascripts
<= 2025.92