CVE-2021-36803

Publication date

2021-08-04 22:20:43

Family

rapid7

State

PUBLISHED

Description

Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 2.1.13 of the product.