Product
akaunting
11 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-55522 (affected versions: >= 3.0.4 and <= 3.1.19)
Cross-site scripting (XSS) vulnerability in the component /common/reports of Akaunting v3.1.18 allows attackers to execute arbitra

CVE-2025-55521 (affected versions: <= 3.1.19)
An issue in the component /settings/localisation of Akaunting v3.1.18 allows authenticated attackers to cause a Denial of Service

CVE-2024-22836 (affected versions: < 3.1.4)
An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when i

CVE-2020-20908 (affected versions: >= 1.0.0 and <= 1.3.17)
Akaunting v1.3.17 was discovered to contain a stored cross-site scripting (XSS) vulnerability which allows attackers to execute ar

CVE-2021-36805 (affected versions: < 2.1.13)
Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in the sales inv

CVE-2021-36804 (affected versions: < 2.1.13)
Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password

CVE-2021-36803 (affected versions: < 2.1.13)
Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing us

CVE-2021-36802 (affected versions: <= 2.1.12)
Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is triggered by setting a malformed 'locale' vari

CVE-2021-36801 (affected versions: <= 2.1.12)
Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies[0]. Thi

CVE-2021-36800 (affected versions: < 2.1.13)
Akaunting version 2.1.12 and earlier suffers from a code injection issue in the Money.php component of the application. A POST sen

CVE-2020-22390 (affected versions: <= 2.0.9)
Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code int