Vulnerabilities

CVE-2026-2680

by Fred · 26/02/2026

Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter ‘customerVATNumber’, in ‘a3factura-app.wolterskluwer.es/#/incomes/salesDeliveryNotes’ endpoint, which could allow an attacker to execute arbitrary code in the victim’s browser.

More information : https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-a3factura-software

Similar

Tags: Cybersecurity Alert