CVE-2026-5568

LOW

Akaunting Invoice/Billing cross site scripting

Title source: cna

Description

A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/355338

[Signature, Permissions Required] https://vuldb.com/vuln/355338/cti

[Third Party Advisory] https://vuldb.com/submit/783139

[Exploit] https://docs.google.com/document/d/1TFwYGdjDblEGCMM0l67PXz0HXZu_iUqWDQZavtM9t1U/edit?usp=sharing

Scores

CVSS v3 3.5

EPSS 0.0001

EPSS Percentile 1.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-79 CWE-94

Status published

Products (22)

None/Akaunting 3.1.0

None/Akaunting 3.1.1

None/Akaunting 3.1.10

None/Akaunting 3.1.11

None/Akaunting 3.1.12

None/Akaunting 3.1.13

None/Akaunting 3.1.14

None/Akaunting 3.1.15

None/Akaunting 3.1.16

None/Akaunting 3.1.17

... and 12 more

Published Apr 05, 2026

Tracked Since Apr 05, 2026