CVE-2020-20908
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-20908
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-20908.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-20908
- Published
- 2021-10-25T15:15:07.537Z
- Modified
- 2025-11-14T10:55:26.996313Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Akaunting v1.3.17 was discovered to contain a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field.
- References
Affected packages
Git / github.com/akaunting/akaunting
Affected versions
1.*
1.0.0
1.0.1
1.0.10
1.0.11
1.0.12
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.1.0
1.1.1
1.1.10
1.1.11
1.1.12
1.1.13
1.1.14
1.1.15
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.2.0
1.2.0rc
1.2.1
1.2.10
1.2.11
1.2.12
1.2.13
1.2.14
1.2.15
1.2.16
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.3.0
1.3.0rc
1.3.0rc2
1.3.0rc3
1.3.1
1.3.10
1.3.11
1.3.12
1.3.13
1.3.14
1.3.15
1.3.16
1.3.17
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9