Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
A3factura Web Platform Vulnerable to Malicious Browser Code Execution
CVE-2026-2677
Summary
The A3factura web platform has a security weakness that allows an attacker to inject malicious code into a user's browser, potentially stealing sensitive information or taking control of the user's session. This could happen if a user clicks on a link or visits a website that contains malicious code. To protect yourself, ensure that you only interact with trusted links and websites, and consider updating your browser and plugins to the latest versions.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| wolterskluwer | a3factura | 4.111.2 | – |
Original title
Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer.es/#/incomes/representatives-management' endpoint, which could allow an atta...
Original description
Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer.es/#/incomes/representatives-management' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser.
nvd CVSS3.1
6.1
nvd CVSS4.0
4.8
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
- https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-a3fa... Third Party Advisory
Published: 26 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026