CVE-2026-5568

LOW

Akaunting Invoice/Billing cross site scripting

Title source: cna

Description

A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Core 4

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-355338 | Akaunting Invoice/Billing cross site scripting

https://vuldb.com/vuln/355338

Signature, Permissions Required signature permissions-required

VDB-355338 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/355338/cti

Third Party Advisory third-party-advisory

Submit #783139 | Akaunting v3.1.21 Cross Site Scripting

https://vuldb.com/submit/783139

Exploit exploit

https://docs.google.com/document/d/1TFwYGdjDblEGCMM0l67PXz0HXZu_iUqWDQZavtM9t1U/edit?usp=sharing

Scores

CVSS v3 3.5

EPSS 0.0025

EPSS Percentile 16.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79 CWE-94

Status published

Products (22)

None/Akaunting 3.1.0

None/Akaunting 3.1.1

None/Akaunting 3.1.10

None/Akaunting 3.1.11

None/Akaunting 3.1.12

None/Akaunting 3.1.13

None/Akaunting 3.1.14

None/Akaunting 3.1.15

None/Akaunting 3.1.16

None/Akaunting 3.1.17

... and 12 more

Published Apr 05, 2026

Tracked Since Apr 05, 2026