Firefly III Cross-Site Scripting Vulnerability (CNVD-2019-30777)

Firefly III is an open source personal financial management system. A cross-site scripting vulnerability exists in Firefly III versions prior to 4.7.17.1, which can be exploited by an attacker to execute client-side code...

CVE-2019-13644

Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tagnumber$ tag summary page. NOTE: It is asserted that an attacker must have the same acce...

PT-2019-13459 · Firefly Iii · Firefly-Iii

Name of the Vulnerable Software and Affected Versions: Firefly III versions prior to 4.7.17.1 Description: The issue is related to stored XSS due to the lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction and is executed on the...