CVE-2020-20908

Name of the Vulnerable Software and Affected Versions: Akaunting version 1.3.17

Description: A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field. This enables the execution of malicious scripts, potentially leading to unauthorized actions on the affected system.

Recommendations: For Akaunting version 1.3.17, consider disabling the Company Name input field until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to this field to minimize the risk of malicious script execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.