CVE-2026-11943

UNKNOWN 0.0

Akaunting 3.1.21 - Authenticated stored XSS in document timeline

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name.

CWE	CWE-79
Vendor	akaunting
Product	akaunting
Published	Jun 22, 2026
Last Updated	Jun 22, 2026

Stay Ahead of the Next One

Get instant alerts for akaunting akaunting

Be the first to know when new unknown vulnerabilities affecting akaunting akaunting are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Akaunting / Akaunting

3.1.21

References

NVD ↗ CVE.org ↗ EPSS Data ↗

fluidattacks.com: https://fluidattacks.com/es/advisories/thunder github.com: https://github.com/akaunting/akaunting

Credits

Oscar Naveda Fluid Attacks' AI SAST Scanner