Title: Stored XSS In akaunting company name alt  
Affected Version: 1.0.0 - 1.3.17  
Tested on: Chrome, Firefox, Opera (latest version)  
Author: Rudra Sarkar (@rudr4_sarkar)  
  
1. Affected "alt" attribute  
2. Create account, Confirm Email Verification  
3. Create Company name with "><script>alert(document.domain);</script>  
4. It will redirect you to the dashboard, and you will get a popup  
5. You will get a popup ;)  
  
Timeline:  
28-09-2019: Reported to the vendor  
28-09-2019: Closed as "out of topic" on GitHub
(https://github.com/akaunting/akaunting/issues/881). Fix not deployed.  
  
Thanks,  
--   
*Rudra Sarkar* | SRT | Security Researcher  
@rudr4_sarkar <https://twitter.com/rudr4_sarkar>
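
The behaviour in steps 1-4 comes from missing attribute-context encoding: a `"` in the company name closes the `alt` value, and the rest is parsed as markup. The sketch below is an added illustration, not Akaunting's code and not from the advisory's author; the `render_logo_*` and `audit` names and the `/logo.png` path are assumptions. It renders the step 3 company name with and without encoding and uses an HTML parser to check whether a `script` element appears.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample: the company name given in step 3 of the advisory.
COMPANY_NAME = '"><script>alert(document.domain);</script>'


def render_logo_unescaped(name: str) -> str:
    # Hypothetical template: user input concatenated straight into alt="...".
    return '<img src="/logo.png" alt="' + name + '">'


def render_logo_escaped(name: str) -> str:
    # quote=True also encodes " and ', which an attribute context requires.
    return '<img src="/logo.png" alt="' + escape(name, quote=True) + '">'


class TagAudit(HTMLParser):
    """Records every start tag and the decoded alt value of each <img>."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.alts = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "img":
            self.alts.append(dict(attrs).get("alt"))


def audit(markup: str, expected_alt: str) -> dict:
    """Parse rendered markup and report whether the name stayed inside alt."""
    parser = TagAudit()
    parser.feed(markup)
    parser.close()
    return {
        "tags": parser.tags,
        "alt_intact": parser.alts == [expected_alt],
        "script_injected": "script" in parser.tags,
    }


if __name__ == "__main__":
    for render in (render_logo_unescaped, render_logo_escaped):
        print(render.__name__, audit(render(COMPANY_NAME), COMPANY_NAME))
```

The same `audit` check can run as a regression test against any template that places the company name in an attribute, since it compares the parsed result with the stored value instead of searching for specific strings.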