CVE-2026-11942

UNKNOWN 0.0

Akaunting 3.1.21 - Stored XSS in delete confirmation modal

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name.

CWE	CWE-79
Vendor	akaunting
Product	akaunting
Published	Jun 22, 2026
Last Updated	Jun 22, 2026

Stay Ahead of the Next One

Get instant alerts for akaunting akaunting

Be the first to know when new unknown vulnerabilities affecting akaunting akaunting are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Akaunting / Akaunting

3.1.21

References

NVD ↗ CVE.org ↗ EPSS Data ↗

fluidattacks.com: https://fluidattacks.com/es/advisories/human github.com: https://github.com/akaunting/akaunting

Credits

Oscar Naveda Fluid Attacks' AI SAST Scanner