Vulnerabilities > Akaunting > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-25 | CVE-2020-20908 | Cross-site Scripting vulnerability in Akaunting Akaunting v1.3.17 was discovered to contain a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field. | 5.4 |
| 2021-08-04 | CVE-2021-36802 | Unspecified vulnerability in Akaunting Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is triggered by setting a malformed 'locale' variable and sending it in an otherwise normal HTTP POST request. | 6.5 |
| 2021-08-04 | CVE-2021-36803 | Cross-site Scripting vulnerability in Akaunting Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. | 5.4 |
| 2021-08-04 | CVE-2021-36805 | Cross-site Scripting vulnerability in Akaunting Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in the sales invoice processing component of the application. | 4.8 |