5 matches found
CVE-2026-11994
Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report...
CVE-2025-55521
An issue in the component /settings/localisation of Akaunting v3.1.18 allows authenticated attackers to cause a Denial of Service DoS via a crafted POST request...
CVE-2020-20908
Akaunting v1.3.17 was discovered to contain a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field...
CVE-2021-36805
Akaunting version 2.1.12 and earlier suffers from a persistent type II cross-site scripting XSS vulnerability in the sales invoice processing component of the application. This issue was fixed in version 2.1.13 of the product...
CVE-2021-36803
Akaunting version 2.1.12 and earlier suffers from a persistent type II cross-site scripting XSS vulnerability in processing user-supplied avatar images. This issue was fixed in version 2.1.13 of the product...