Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
A3factura Web Platform: Browser Code Injection Risk
CVE-2026-2678
Summary
The A3factura web platform has a security weakness that could allow hackers to inject malicious code into users' web browsers. This could happen when a user visits a specific page while being tricked by an attacker. To stay safe, update the A3factura software as soon as possible and ensure users are not clicking on suspicious links.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| wolterskluwer | a3factura | 4.111.2 | – |
Original title
Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', parameter 'name', in 'a3factura-app.wolterskluwer.es/#/incomes/customers' endpoint, which could allow an att...
Original description
Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', parameter 'name', in 'a3factura-app.wolterskluwer.es/#/incomes/customers' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser.
nvd CVSS3.1
6.1
nvd CVSS4.0
4.8
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
- https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-a3fa... Third Party Advisory
Published: 26 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026