Vulnerabilities > Akaunting
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-08 | CVE-2024-22836 | OS Command Injection vulnerability in Akaunting An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. | 9.8 |
| 2021-10-25 | CVE-2020-20908 | Cross-site Scripting vulnerability in Akaunting Akaunting v1.3.17 was discovered to contain a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field. | 5.4 |
| 2021-08-04 | CVE-2021-36800 | Code Injection vulnerability in Akaunting Akaunting version 2.1.12 and earlier suffers from a code injection issue in the Money.php component of the application. | 9.1 |
| 2021-08-04 | CVE-2021-36801 | Authorization Bypass Through User-Controlled Key vulnerability in Akaunting Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies[0]. | 8.1 |
| 2021-08-04 | CVE-2021-36802 | Unspecified vulnerability in Akaunting Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is triggered by setting a malformed 'locale' variable and sending it in an otherwise normal HTTP POST request. | 6.5 |
| 2021-08-04 | CVE-2021-36803 | Cross-site Scripting vulnerability in Akaunting Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. | 5.4 |
| 2021-08-04 | CVE-2021-36804 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Akaunting Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. | 8.1 |
| 2021-08-04 | CVE-2021-36805 | Cross-site Scripting vulnerability in Akaunting Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in the sales invoice processing component of the application. | 4.8 |
| 2021-06-21 | CVE-2020-22390 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Akaunting Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. | 8.8 |