Lucene search
K

143 matches found

NVD
NVD
added 2026/06/22 6:16 p.m.12 views

CVE-2026-11994

Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report...

4.8CVSS0.00321EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 4:16 p.m.12 views

CVE-2026-11942

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...

4.8CVSS0.00261EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 4:16 p.m.13 views

CVE-2026-11943

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name...

4.8CVSS0.00261EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:37 p.m.2 views

CVE-2026-11994

Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report...

4.8CVSS6AI score0.00321EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/22 3:37 p.m.31 views

CVE-2026-11994 Akaunting 3.1.21 - Authenticated stored XSS in report description rendering

Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report...

4.8CVSS0.00321EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 3:37 p.m.9 views

CVE-2026-11994

CVE-2026-11994 concerns Akaunting 3.1.21, reporting an authenticated stored XSS in the report description rendering . A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report, potentially affecting other users interacting with the...

4.8CVSS6AI score0.00321EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 3:30 p.m.32 views

CVE-2026-11943 Akaunting 3.1.21 - Authenticated stored XSS in document timeline

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name...

4.8CVSS0.00261EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 3:30 p.m.8 views

EUVD-2026-38270

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name...

4.8CVSS5.7AI score0.00261EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 3:30 p.m.22 views

CVE-2026-11943

CVE-2026-11943 affects Akaunting 3.1.21 and is an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name, which can be reflected in the UI. The CVSS4 vector ...

4.8CVSS5.7AI score0.00261EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:18 p.m.3 views

CVE-2026-11942

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...

4.8CVSS5.7AI score0.00261EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/22 3:18 p.m.8 views

EUVD-2026-38260

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...

4.8CVSS5.7AI score0.00261EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 3:18 p.m.18 views

CVE-2026-11942

CVE-2026-11942 affects Akaunting 3.1.21. The vulnerability is an authenticated stored cross-site scripting flaw in the reusable delete confirmation flow: a user with permission to create or modify records (e.g., Items) can store HTML/JavaScript in a record name, which could be reflected to other ...

4.8CVSS5.7AI score0.00261EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 3:18 p.m.30 views

CVE-2026-11942 Akaunting 3.1.21 - Stored XSS in delete confirmation modal

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...

4.8CVSS0.00261EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/11 8:27 p.m.11 views

CVE-2026-8193

A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made...

6.5CVSS6.2AI score0.00206EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/09 9:32 p.m.11 views

EUVD-2026-28921

A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made...

6.5CVSS5.5AI score0.00206EPSS
Exploits0References5
NVD
NVD
added 2026/05/09 7:16 p.m.24 views

CVE-2026-8193

A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made...

6.5CVSS0.00206EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/09 6:45 p.m.7 views

CVE-2026-8193 Akaunting Invoice PDF Rendering dompdf.php server-side request forgery

A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made...

6.5CVSS6.2AI score0.00206EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/09 6:45 p.m.10 views

CVE-2026-8193

A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made...

6.5CVSS6.2AI score0.00206EPSS
Exploits0References4
CVE
CVE
added 2026/05/09 6:45 p.m.32 views

CVE-2026-8193

CVE-2026-8193 affects Akaunting 3.1.21, specifically the Invoice PDF Rendering component’s dompdf.php file. The vulnerability arises from unknown processing in that file, enabling a remote attacker to manipulate inputs to achieve server-side request forgery (SSRF). Exploitation is indicated as po...

6.5CVSS6.2AI score0.00206EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/09 6:45 p.m.44 views

CVE-2026-8193 Akaunting Invoice PDF Rendering dompdf.php server-side request forgery

A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made...

6.5CVSS0.00206EPSS
Exploits0References4
Rows per page
Query Builder