{"id":"CVE-2025-55522","details":"Cross-site scripting (XSS) vulnerability in the component /common/reports of Akaunting v3.1.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter.","modified":"2026-04-10T05:31:01.932576Z","published":"2025-08-21T17:15:31.277Z","references":[{"type":"WEB","url":"https://github.com/akaunting/akaunting/tree/3.1.18"},{"type":"EVIDENCE","url":"https://github.com/vityuasd/VulList/blob/main/vul_1.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/akaunting/akaunting","events":[{"introduced":"ceba7b7f11ddc944aadc1cdff80055eaf22b177d"},{"last_affected":"7b1eaf30fc81ace5713b1fdeadb7769b15723bc0"}],"database_specific":{"versions":[{"introduced":"3.0.4"},{"last_affected":"3.1.19"}]}}],"versions":["3.0.10","3.0.12","3.0.16","3.0.17","3.0.4","3.0.5","3.0.6","3.0.7","3.0.8","3.0.9","3.1.0","3.1.1","3.1.10","3.1.11","3.1.13","3.1.14","3.1.15","3.1.16","3.1.17","3.1.18","3.1.19","3.1.2","3.1.3","3.1.4","3.1.5","3.1.6","3.1.7","3.1.8","3.1.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55522.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}