facturascripts/facturascripts is vulnerable to cross site scripting. The vulnerability exists due to a lack of sanitization of the username
field allowing an attacker to input maliciously crafted script via the username
field when showing ‘login-user-not-found’ message.