PT-2025-34254 · Unknown · Akaunting 3.1.18
Vityuasd
·
Published
2025-08-21
·
Updated
2025-08-21
·
CVE-2025-55522
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Akaunting version 3.1.18
Description:
A cross-site scripting (XSS) issue exists in the
/common/reports component of the software. Attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the name parameter.Recommendations:
As a mitigation, sanitize or encode user-supplied data for the
name parameter in the /common/reports component.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Akaunting 3.1.18