XSS in Akaunting
CVE-2026-11994
Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a re…
Vulnerability class: XSS (Cross-Site Scripting)
Affected products
- Akaunting — versions 3.1.21
Weakness classification (CWE)
References
- help@fluidattacks.com (third-party-advisory)
- help@fluidattacks.com (product)