CVE-2026-32699
UNKNOWN
NVD
CVSS Score
0
Severity
UNKNOWN
Published
May 05, 2026
Vendor
unknown
Description
FacturaScripts is an open source accounting and invoicing software. In versions 2025.92 and earlier, the application fails to validate the nick parameter during a POST request to the EditUser controller. Although the user interface prevents editing this field, a user can bypass this restriction by intercepting the request and modifying the nick form-data parameter to rename any account, including the administrator account. This leads to unauthorized modification of a field intended to be immutable.