CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-2680

Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'customerVATNumber', in 'a3factura-app.wolterskluwer.es/#/incomes/salesDeliveryNotes' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.2%

CVSS Severity

CVSS v3 Score 6.1

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-a3factura-software

Products affected by CVE-2026-2680

Wolterskluwer » A3factura » Version: 4.111.2

cpe:2.3:a:wolterskluwer:a3factura:4.111.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-2680

Products

Pricing

Contact Us