CVE-2019-14668
Firefly III 4.7.17.3 is affected by a stored XSS in the transaction description field. The root cause is lack of filtration/sanitization of user-supplied data, allowing JavaScript execution when a transaction link is deleted. Connected sources corroborate a stored XSS in the delete workflow via l...