2 matches found
CVE-2026-2680
CVE-2026-2680 describes a Reflected XSS in the A3factura web platform, affecting the endpoint a3factura-app.wolterskluwer.es/#/incomes/salesDeliveryNotes with the vulnerable parameter customerVATNumber . The issue could allow an attacker to execute arbitrary code in a victim’s browser. The CVSSv4...
CVE-2026-2678
CVE-2026-2678 affects A3factura software with a Reflected XSS vulnerability in the web platform. The issue is triggered via the parameter 'name' in the endpoint a3factura-app.wolterskluwer.es/#/incomes/customers, allowing arbitrary script execution in a victim’s browser. CVSS 4.0 indicates a MEDI...