Lucene search
+L

8 matches found

Vulnrichment
Vulnrichment
added 2026/02/26 12:18 p.m.3 views

CVE-2026-2679 Multiple vulnerabilities in A3factura software

Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'customerName', in 'a3factura-app.wolterskluwer.es//incomes/salesInvoices' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...

4.8CVSS6.3AI score0.00164EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/26 12:18 p.m.26 views

CVE-2026-2679 Multiple vulnerabilities in A3factura software

Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'customerName', in 'a3factura-app.wolterskluwer.es//incomes/salesInvoices' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...

4.8CVSS0.00164EPSS
Exploits0References1
CVE
CVE
added 2026/02/26 12:18 p.m.21 views

CVE-2026-2679

Reflected Cross‑Site Scripting (XSS) vulnerability detected in the A3factura web platform, via the parameter 'customerName' in the endpoint a3factura-app.wolterskluwer.es/#/incomes/salesInvoices. The issue is documented across multiple sources (NVD, Red Hat, EUVD, CVE records) as allowing an atta...

6.1CVSS6AI score0.00164EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/14 1:28 a.m.4 views

CVE-2025-70095

A cross-site scripting XSS vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

6.5CVSS5.5AI score0.00162EPSS
Exploits1References1
NVD
NVD
added 2026/02/13 4:16 p.m.14 views

CVE-2025-70095

A cross-site scripting XSS vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

6.5CVSS0.00162EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/13 12:0 a.m.32 views

CVE-2025-70095

A cross-site scripting XSS vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

0.00162EPSS
Exploits1References2
OSV
OSV
added 2026/02/13 12:0 a.m.5 views

CVE-2025-70095

A cross-site scripting XSS vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

6.5CVSS5.6AI score0.00162EPSS
Exploits1References4
Prion
Prion
added 2021/08/04 11:15 p.m.20 views

Code injection

Akaunting version 2.1.12 and earlier suffers from a code injection issue in the Money.php component of the application. A POST sent to /companyid/sales/invoices/invoiceid with an items0price that includes a PHP callable function is executed directly. This issue was fixed in version 2.1.13 of the...

9CVSS9.2AI score0.01499EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder