8 matches found
CVE-2026-2679 Multiple vulnerabilities in A3factura software
Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'customerName', in 'a3factura-app.wolterskluwer.es//incomes/salesInvoices' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...
CVE-2026-2679 Multiple vulnerabilities in A3factura software
Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'customerName', in 'a3factura-app.wolterskluwer.es//incomes/salesInvoices' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...
CVE-2026-2679
Reflected Cross‑Site Scripting (XSS) vulnerability detected in the A3factura web platform, via the parameter 'customerName' in the endpoint a3factura-app.wolterskluwer.es/#/incomes/salesInvoices. The issue is documented across multiple sources (NVD, Red Hat, EUVD, CVE records) as allowing an atta...
CVE-2025-70095
A cross-site scripting XSS vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...
CVE-2025-70095
A cross-site scripting XSS vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...
CVE-2025-70095
A cross-site scripting XSS vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...
CVE-2025-70095
A cross-site scripting XSS vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...
Code injection
Akaunting version 2.1.12 and earlier suffers from a code injection issue in the Money.php component of the application. A POST sent to /companyid/sales/invoices/invoiceid with an items0price that includes a PHP callable function is executed directly. This issue was fixed in version 2.1.13 of the...