CVE-2021-36803

Summary

Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 2.1.13 of the product.

Affected Software

VendorProductVersion RangeStatus
AkauntingAkaunting2.1.12 <= 2.1.12affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References