Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
A3factura Web Platform Allows Malicious Code Execution
CVE-2026-2680
Summary
The A3factura web platform has a security issue that allows hackers to inject malicious code into users' browsers. This could lead to unauthorized actions on the platform. Users and administrators should update the platform as soon as possible to fix this issue and protect sensitive data.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| wolterskluwer | a3factura | 4.111.2 | – |
Original title
Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'customerVATNumber', in 'a3factura-app.wolterskluwer.es/#/incomes/salesDeliveryNotes' endpoint, which could allow an...
Original description
Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'customerVATNumber', in 'a3factura-app.wolterskluwer.es/#/incomes/salesDeliveryNotes' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser.
nvd CVSS3.1
6.1
nvd CVSS4.0
4.8
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
- https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-a3fa... Third Party Advisory
Published: 26 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026