exploitDog

CVE-2026-2679

Опубликовано: 26 фев. 2026

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'customerName', in 'a3factura-app.wolterskluwer.es/#/incomes/salesInvoices' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-a3factura-software
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wolterskluwer:a3factura:4.111.2:rev.1:*:*:*:*:*:*

EPSS

Процентиль: 6%

0.00164

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-jm25-jfc5-xhx6

CVSS3: 6.1

github

4 месяца назад

Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'customerName', in 'a3factura-app.wolterskluwer.es/#/incomes/salesInvoices' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser.

EPSS

Процентиль: 6%

0.00164

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79