CVE-2026-2678 – Multiple vulnerabilities in A3factura software

CVE ID : CVE-2026-2678

Published : Feb. 26, 2026, 12:17 p.m. | 52 minutes ago

Description : Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter ‘name’, parameter ‘name’, in ‘a3factura-app.wolterskluwer.es/#/incomes/customers’ endpoint, which could allow an attacker to execute arbitrary code in the victim’s browser.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…