Cybersecurity researchers on Tuesday disclosed nine security vulnerabilities affecting three open-source projects. EspoCRM, Pimcore, Akaunting, and Akaunting are widely used by several small to medium businesses. The flaws could enable an authenticated adversary to execute arbitrary JavaScript code, commandeer the underlying operating system and use it as a beachhead to launch additional nefarious attacks. Six of the nine flaws were uncovered in the Akaunting project, researchers Wiktor S..dkowski of Nokia and Trevor Christiansen of Rapid7 noted.
Source: https://thehackernews.com/2021/07/several-bugs-found-in-3-open-source.html