Lucene search
+L

147 matches found

osv
osv
added 2024/02/08 12:0 a.m.38 views

CVE-2024-22836

An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server...

9.8CVSS7.8AI score0.30036EPSS
Exploits3References5
cvelist
cvelist
added 2024/02/08 12:0 a.m.59 views

CVE-2024-22836

An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server...

10AI score0.30036EPSS
Exploits3References3
cnnvd
cnnvd
added 2024/02/08 12:0 a.m.6 views

Akaunting Operating System Command Injection Vulnerability

Akaunting is an application from Akaunting that provides all the tools needed to manage money online. An operating system command injection vulnerability exists in Akaunting v3.1.3 and prior versions, which stems from the presence of an operating system command injection that could allow an...

9.8CVSS7.6AI score0.30036EPSS
Exploits3References6
cnvd
cnvd
added 2021/10/28 12:0 a.m.8 views

Akaunting Cross-Site Scripting Vulnerability (CNVD-2021-103569)

Akaunting, an application from Akaunting, Inc. provides all the tools needed to manage funds online.Akaunting version 1.3.17 contains a cross-site scripting vulnerability that stems from a lack of checksum filtering of user-supplied and output data in the company name input field. An attacker cou...

5.4CVSS3.4AI score0.00596EPSS
Exploits1References1
nvd
nvd
added 2021/10/25 3:15 p.m.17 views

CVE-2020-20908

Akaunting v1.3.17 was discovered to contain a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field...

5.4CVSS0.00596EPSS
Exploits1References1
osv
osv
added 2021/10/25 3:15 p.m.6 views

CVE-2020-20908

Akaunting v1.3.17 was discovered to contain a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field...

5.4CVSS5.8AI score
Exploits0References1
prion
prion
added 2021/10/25 3:15 p.m.15 views

Cross site scripting

Akaunting v1.3.17 was discovered to contain a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field...

3.5CVSS5.3AI score0.00596EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2021/10/25 2:37 p.m.13 views

CVE-2020-20908

Akaunting v1.3.17 was discovered to contain a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field...

5.4AI score0.00596EPSS
Exploits1References1
cve
cve
added 2021/10/25 2:37 p.m.44 views

CVE-2020-20908

CVE-2020-20908 affects Akaunting v1.3.17, with a stored XSS vulnerability in the Company Name input field. The root cause noted in CNVD-style sources is insufficient filtering/validation of user-supplied data, allowing an attacker to inject and execute JavaScript in the client context. Public ref...

5.4CVSS5.3AI score0.00596EPSS
Exploits1References1Affected Software1
cnnvd
cnnvd
added 2021/10/25 12:0 a.m.6 views

Akaunting 跨站脚本漏洞

Akaunting, an application from Akaunting, Inc. provides all the tools needed to manage funds online.Akaunting version 1.3.17 contains a cross-site scripting vulnerability that stems from a lack of checksum filtering of user-supplied and output data in the company name input field. An attacker cou...

5.4CVSS5.5AI score0.00596EPSS
Exploits1References2
bdu_fstec
bdu_fstec
added 2021/09/10 12:0 a.m.6 views

The vulnerability of the Money.php component of the accounting software Akaunting allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Money.php component of the accounting software Akaunting is related to improper code generation. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

9.1CVSS7.7AI score0.01499EPSS
Exploits1References3Affected Software1
veracode
veracode
added 2021/09/02 6:48 a.m.25 views

Malicious Password Resetting

laravel/laravel is doing malicious password resetting. The vulnerability exists because an attacker who knows the target's e-mail address can send proxy password reset requests through a running Akaunting instance...

8.1CVSS3.3AI score0.00957EPSS
Exploits1References7Affected Software1
osv
osv
added 2021/09/01 6:31 p.m.26 views

GHSA-246R-R2WF-FRHX Malicious password-reset in Akaunting

Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. This issue was fixed in version 2.1.13 of the product. Please...

8.1CVSS7.9AI score0.00957EPSS
Exploits1References6
github
github
added 2021/09/01 6:31 p.m.43 views

Malicious password-reset in Akaunting

Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. This issue was fixed in version 2.1.13 of the product. Please...

8.1CVSS7.7AI score0.00957EPSS
Exploits1References6Affected Software1
gitlab
gitlab
added 2021/09/01 12:0 a.m.30 views

Weak Password Recovery Mechanism for Forgotten Password

Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. This issue was fixed in version 2.1.13 of the product. Please...

8.1CVSS2.8AI score0.00957EPSS
Exploits1References6Affected Software1
cnvd
cnvd
added 2021/08/06 12:0 a.m.24 views

Akaunting Cross-Site Scripting Vulnerability (CNVD-2021-94938)

Akaunting is a free, open source online accounting software designed for small businesses and freelancers. akaunting 2.1.12 and earlier versions contain a persistent cross-site scripting vulnerability when processing user-supplied avatar images. An attacker could exploit the vulnerability to inse...

6.3CVSS3AI score0.00616EPSS
Exploits1References1
cnvd
cnvd
added 2021/08/06 12:0 a.m.14 views

Akaunting authentication bypass vulnerability

Akaunting is a free, open source online accounting software designed for small businesses and freelancers.An authentication bypass vulnerability exists in the user-controllable field companies0 in Akaunting 2.1.12 and earlier versions. No detailed vulnerability details are currently available...

8.1CVSS4.1AI score0.01068EPSS
Exploits1References1
nvd
nvd
added 2021/08/04 11:15 p.m.21 views

CVE-2021-36802

Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is triggered by setting a malformed 'locale' variable and sending it in an otherwise normal HTTP POST request. This issue was fixed in version 2.1.13 of the product...

6.5CVSS0.00875EPSS
Exploits1References1
nvd
nvd
added 2021/08/04 11:15 p.m.20 views

CVE-2021-36804

Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. This issue was fixed in version 2.1.13 of the product. Please...

8.1CVSS0.00957EPSS
Exploits1References3
nvd
nvd
added 2021/08/04 11:15 p.m.22 views

CVE-2021-36801

Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies0. This issue was fixed in version 2.1.13 of the product...

8.1CVSS0.01068EPSS
Exploits1References1
Rows per page
Query Builder