CVE-2026-2678

Name of the Vulnerable Software and Affected Versions A3factura (affected versions not specified)

Description A reflected Cross-Site Scripting (XSS) issue exists on the A3factura web platform. The issue is present in the name parameter within the ''a3factura-app.wolterskluwer.es/#/incomes/customers'' API endpoint. Successful exploitation could allow an attacker to execute arbitrary code in the victim's browser. The vulnerable parameter is name.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.