Lucene search
K

11 matches found

Veracode
Veracode
added 2019/08/06 6:54 a.m.19 views

Cross-site Scripting (XSS)

grumpydictator/firefly-iii is vulnerable to cross-site scripting XSS. The attack is possible because it does not escape the user provided data in transaction description field and in asset account name, allowing an attacker to inject malicious script in a convert transaction to get executed upon ...

6.1CVSS3.5AI score0.01327EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2019/08/06 12:0 a.m.4 views

Firefly III Cross-Site Scripting Vulnerability (CNVD-2019-30449)

Firefly III is a free, open source, self-hosted personal finance manager. A stored cross-site scripting vulnerability exists in Firefly III 4.7.17.4. The vulnerability stems from a lack of filtering of user-supplied data in the transaction description field and the asset account name field. An...

6.1CVSS6.3AI score0.01327EPSS
Exploits1References1
CNVD
CNVD
added 2019/08/06 12:0 a.m.3 views

Firefly III Cross-Site Scripting Vulnerability (CNVD-2019-30452)

Firefly III is a free, open source, self-hosted personal finance manager. A stored cross-site scripting vulnerability exists in Firefly III 4.7.17.3. The vulnerability stems from a lack of filtering of user-supplied data in the asset account name field. An attacker can exploit the vulnerability t...

5.4CVSS6.3AI score0.00762EPSS
Exploits1References1
NVD
NVD
added 2019/08/05 8:15 p.m.19 views

CVE-2019-14669

Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page...

5.4CVSS5.3AI score0.00762EPSS
Exploits1References2
NVD
NVD
added 2019/08/05 8:15 p.m.21 views

CVE-2019-14667

Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action...

6.1CVSS6.1AI score0.01327EPSS
Exploits1References3
OSV
OSV
added 2019/08/05 8:15 p.m.9 views

CVE-2019-14667

Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action...

6.1CVSS5.9AI score
Exploits0References3
Prion
Prion
added 2019/08/05 8:15 p.m.10 views

Cross site scripting

Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page...

3.5CVSS5.2AI score0.00762EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2019/08/05 8:15 p.m.17 views

Cross site scripting

Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action...

4.3CVSS6AI score0.01327EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2019/08/05 7:23 p.m.22 views

CVE-2019-14667

Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action...

6.1AI score0.01327EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/08/05 7:23 p.m.17 views

CVE-2019-14669

Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page...

5.3AI score0.00762EPSS
Exploits1References2
CVE
CVE
added 2019/08/05 7:23 p.m.59 views

CVE-2019-14669

CVE-2019-14669 affects Firefly III 4.7.17.3 and is a stored XSS vulnerability caused by lack of filtration of user-supplied data in the asset account name. The JavaScript executes when visiting the audit account statistics page. CVSS metrics indicate CVSS‑3.0 base score 5.4 (Medium) with network ...

5.4CVSS5.2AI score0.00762EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder