147 matches found
CVE-2024-22836
An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server...
CVE-2024-22836
An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server...
Akaunting Operating System Command Injection Vulnerability
Akaunting is an application from Akaunting that provides all the tools needed to manage money online. An operating system command injection vulnerability exists in Akaunting v3.1.3 and prior versions, which stems from the presence of an operating system command injection that could allow an...
Akaunting Cross-Site Scripting Vulnerability (CNVD-2021-103569)
Akaunting, an application from Akaunting, Inc. provides all the tools needed to manage funds online.Akaunting version 1.3.17 contains a cross-site scripting vulnerability that stems from a lack of checksum filtering of user-supplied and output data in the company name input field. An attacker cou...
CVE-2020-20908
Akaunting v1.3.17 was discovered to contain a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field...
CVE-2020-20908
Akaunting v1.3.17 was discovered to contain a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field...
Cross site scripting
Akaunting v1.3.17 was discovered to contain a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field...
CVE-2020-20908
Akaunting v1.3.17 was discovered to contain a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field...
CVE-2020-20908
CVE-2020-20908 affects Akaunting v1.3.17, with a stored XSS vulnerability in the Company Name input field. The root cause noted in CNVD-style sources is insufficient filtering/validation of user-supplied data, allowing an attacker to inject and execute JavaScript in the client context. Public ref...
Akaunting 跨站脚本漏洞
Akaunting, an application from Akaunting, Inc. provides all the tools needed to manage funds online.Akaunting version 1.3.17 contains a cross-site scripting vulnerability that stems from a lack of checksum filtering of user-supplied and output data in the company name input field. An attacker cou...
The vulnerability of the Money.php component of the accounting software Akaunting allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Money.php component of the accounting software Akaunting is related to improper code generation. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
Malicious Password Resetting
laravel/laravel is doing malicious password resetting. The vulnerability exists because an attacker who knows the target's e-mail address can send proxy password reset requests through a running Akaunting instance...
GHSA-246R-R2WF-FRHX Malicious password-reset in Akaunting
Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. This issue was fixed in version 2.1.13 of the product. Please...
Malicious password-reset in Akaunting
Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. This issue was fixed in version 2.1.13 of the product. Please...
Weak Password Recovery Mechanism for Forgotten Password
Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. This issue was fixed in version 2.1.13 of the product. Please...
Akaunting Cross-Site Scripting Vulnerability (CNVD-2021-94938)
Akaunting is a free, open source online accounting software designed for small businesses and freelancers. akaunting 2.1.12 and earlier versions contain a persistent cross-site scripting vulnerability when processing user-supplied avatar images. An attacker could exploit the vulnerability to inse...
Akaunting authentication bypass vulnerability
Akaunting is a free, open source online accounting software designed for small businesses and freelancers.An authentication bypass vulnerability exists in the user-controllable field companies0 in Akaunting 2.1.12 and earlier versions. No detailed vulnerability details are currently available...
CVE-2021-36802
Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is triggered by setting a malformed 'locale' variable and sending it in an otherwise normal HTTP POST request. This issue was fixed in version 2.1.13 of the product...
CVE-2021-36804
Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. This issue was fixed in version 2.1.13 of the product. Please...
CVE-2021-36801
Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies0. This issue was fixed in version 2.1.13 of the product...