CVE-2026-2679 – Multiple vulnerabilities in A3factura software

CVE ID : CVE-2026-2679

Published : Feb. 26, 2026, 12:18 p.m. | 51 minutes ago

Description : Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter ‘customerName’, in ‘a3factura-app.wolterskluwer.es/#/incomes/salesInvoices’ endpoint, which could allow an attacker to execute arbitrary code in the victim’s browser.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…