facturascripts/facturascripts is vulnerable to reflected cross-site scripting (XSS) attacks. A malicious user is able to inject and execute arbitrary javascript through the codbalance
parameter in test()
function in Balance.php
file, which could lead to compromised user accounts/devices.