Firefly III Cross-Site Scripting Vulnerability (CNVD-2019-30449)
Firefly III is a free, open source, self-hosted personal finance manager. A stored cross-site scripting vulnerability exists in Firefly III 4.7.17.4. The vulnerability stems from a lack of filtering of user-supplied data in the transaction description field and the asset account name field. An...