Product
FacturaScripts is vulnerable to CVE-2026-45263, a CSV formula injection vulnerability due to improper sanitization of user-supplied input when exporting data to CSV files, allowing a low-privilege authenticated user to embed formula-triggering characters in text fields that execute when an administrator opens the exported CSV with spreadsheet software, potentially leading to code execution on the admin's workstation via DDE or macro invocation and credential theft.