| 제목 | Akaunting v3.1.21 Cross Site Scripting |
|---|
| 설명 | A Stored Cross-Site Scripting (XSS) vulnerability was identified in Akaunting v3.1.21, an open-source accounting application. The vulnerability exists in the notes field of invoice and bill documents. When a user holding at least a Manager-level role (both Manager and Admin roles hold the create-sales-invoices permission; Accountant and Customer roles do not) creates an invoice containing an HTML/JavaScript payload in the Notes field, the payload is stored in the database without sanitization and later rendered unescaped in the browser of any user who views the document. This satisfies the criteria for a Stored (Persistent) XSS attack.
https://github.com/akaunting/akaunting |
|---|
| 원천 | ⚠️ https://docs.google.com/document/d/1TFwYGdjDblEGCMM0l67PXz0HXZu_iUqWDQZavtM9t1U/edit?usp=sharing |
|---|
| 사용자 | gabriel (UID 72007) |
|---|
| 제출 | 2026. 03. 19. PM 08:05 (22 날 ago) |
|---|
| 모더레이션 | 2026. 04. 04. PM 04:29 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 355338 [Akaunting 까지 3.1.21 Invoice/Billing notes 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|