Firefly III Information Disclosure Vulnerability
Firefly III is an open source personal financial management system. An information disclosure vulnerability exists in Firefly III version 4.7.17.3, which stems from the program's failure to filter URLs for protocols such as file:/// and can be exploited by an attacker to enumerate local files...
Design/Logic Flaw
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is executed during rule-from-bill creation...
CVE-2019-14668
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. The JavaScript code is executed during deletion of a transaction link...
CVE-2019-14670
Firefly III 4.7.17.3 is reported vulnerable to stored XSS stemming from lack of filtration of user-supplied data in the bill name field. The JavaScript payload executes during rule-from-bill creation, indicating a stored XSS flaw. No explicit remediation or patch details are provided in the conne...
PT-2019-13462 · Firefly Iii · Firefly-Iii
Name of the Vulnerable Software and Affected Versions: Firefly III versions prior to 4.7.17.3. Description: The issue is related to stored XSS due to the lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file id$ attachment...
PT-2019-13461 · Firefly Iii · Firefly-Iii
Name of the Vulnerable Software and Affected Versions: Firefly III versions prior to 4.7.17.3. Description: The issue is related to reflected XSS due to the lack of filtration of user-supplied data in a search query. It is noted that an attacker must have the same access rights as the user to...