11 matches found
Cross-site Scripting (XSS)
grumpydictator/firefly-iii is vulnerable to cross-site scripting XSS. The attack is possible because it does not escape the user provided data in transaction description field and in asset account name, allowing an attacker to inject malicious script in a convert transaction to get executed upon ...
Firefly III Cross-Site Scripting Vulnerability (CNVD-2019-30449)
Firefly III is a free, open source, self-hosted personal finance manager. A stored cross-site scripting vulnerability exists in Firefly III 4.7.17.4. The vulnerability stems from a lack of filtering of user-supplied data in the transaction description field and the asset account name field. An...
Firefly III Cross-Site Scripting Vulnerability (CNVD-2019-30452)
Firefly III is a free, open source, self-hosted personal finance manager. A stored cross-site scripting vulnerability exists in Firefly III 4.7.17.3. The vulnerability stems from a lack of filtering of user-supplied data in the asset account name field. An attacker can exploit the vulnerability t...
CVE-2019-14669
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page...
CVE-2019-14667
Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action...
CVE-2019-14667
Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action...
Cross site scripting
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page...
Cross site scripting
Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action...
CVE-2019-14667
Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action...
CVE-2019-14669
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page...
CVE-2019-14669
CVE-2019-14669 affects Firefly III 4.7.17.3 and is a stored XSS vulnerability caused by lack of filtration of user-supplied data in the asset account name. The JavaScript executes when visiting the audit account statistics page. CVSS metrics indicate CVSS‑3.0 base score 5.4 (Medium) with network ...