cvelist | Rapid7 | CVELIST:CVE-2021-36805
History: Aug 04, 2021 - 10:20 p.m.

CVE-2021-36805 Akaunting Invoice Footer Persistent XSS

2021-08-04 22:20:46
CWE-79
rapid7
www.cve.org
4
akaunting
version 2.1.12
xss
vulnerability
fixed

CVSS3: 5.2

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

EPSS: 0.001
Percentile: 24.8%

Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in the sales invoice processing component of the application. This issue was fixed in version 2.1.13 of the product.

CNA Affected

[
  {
    "product": "Akaunting",
    "vendor": "Akaunting",
    "versions": [
      {
        "lessThanOrEqual": "2.1.12",
        "status": "affected",
        "version": "2.1.12",
        "versionType": "custom"
      }
    ]
  }
]
