Akaunting

17 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.32%
  • Published 22.06.2026 15:37:58
  • Last modified 22.06.2026 19:16:39

Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report.

  • EPSS 0.26%
  • Published 22.06.2026 15:30:36
  • Last modified 22.06.2026 18:16:31

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name.

  • EPSS 0.26%
  • Published 22.06.2026 15:18:29
  • Last modified 22.06.2026 18:16:31

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name.

Exploit
  • EPSS 0.21%
  • Published 09.05.2026 18:45:08
  • Last modified 11.05.2026 15:11:48

A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be l...

  • EPSS 0.25%
  • Published 05.04.2026 13:17:14
  • Last modified 29.04.2026 01:00:01

A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site scripting. The attack is possible to be carried out remo...

Exploit
  • EPSS 0.3%
  • Published 11.12.2025 21:35:50
  • Last modified 15.04.2026 00:35:42

Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and ...

Exploit
  • EPSS 0.38%
  • Published 21.08.2025 17:15:31
  • Last modified 10.09.2025 20:02:08

Cross-site scripting (XSS) vulnerability in the component /common/reports of Akaunting v3.1.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter.

Exploit
  • EPSS 0.44%
  • Published 21.08.2025 17:15:31
  • Last modified 10.09.2025 19:56:25

An issue in the component /settings/localisation of Akaunting v3.1.18 allows authenticated attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • EPSS 30.04%
  • Published 08.02.2024 20:15:52
  • Last modified 21.11.2024 08:56:41

An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server.

Exploit
  • EPSS 0.6%
  • Published 25.10.2021 15:15:07
  • Last modified 21.11.2024 05:12:18

Akaunting v1.3.17 was discovered to contain a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field.