3 matches found
CVE-2019-13644
Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tagnumber$ tag summary page. NOTE: It is asserted that an attacker must have the same acce...
CVE-2019-13644
Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tagnumber$ tag summary page. NOTE: It is asserted that an attacker must have the same acce...
CVE-2019-13644
Firefly III prior to 4.7.17.1 is vulnerable to a stored XSS flaw in budget names due to insufficient filtering of user input. The JavaScript payload is stored inside a transaction and executed on the tags/show/$tag_number$ page. The vulnerability requires the attacker to have the same access righ...