
9 matches found

Veracode
added 2024/01/08 7:49 a.m., 13 views

HTML Injection

grumpydictator/firefly-iii is vulnerable to HTML Injection. The vulnerability is caused by improper sanitization in the webhooks feature. This allows an attacker to inject malicious HTML content by submitting specially crafted input...

CVSS 6.1 | AI score 6.5 | EPSS 0.00128
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2021/12/02 9:10 a.m., 18 views

Cross-site Request Forgery (CSRF)

grumpydictator/firefly-iii is vulnerable to cross-site request forgery. The vulnerability can be used to trick users into switching transaction links and unknowingly performing unwanted actions on malicious websites...

CVSS 4.3 | AI score 4.7 | EPSS 0.00161
Exploits: 1 | References: 3 | Affected Software: 1

Veracode
added 2020/10/29 3:34 a.m., 8 views

Cross-site Scripting (XSS)

grumpydictator/firefly-iii is vulnerable to cross-site scripting (XSS). An attacker can inject a malicious script via auto-completion suggestions for the description field when adding or editing a transaction. This vulnerability is exploitable in a non-default configuration whereby th...

AI score 2.3
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2019/08/06 6:54 a.m., 17 views

Cross-site Scripting (XSS)

grumpydictator/firefly-iii is vulnerable to cross-site scripting (XSS). The attack is possible because the application does not escape user-provided data in the transaction description field and in the asset account name, allowing an attacker to inject a malicious script in a convert transaction to get executed upon ...

CVSS 6.1 | AI score 3.5 | EPSS 0.00411
Exploits: 1 | References: 3 | Affected Software: 1

Veracode
added 2019/08/06 6:44 a.m., 14 views

Cross-site Scripting (XSS)

grumpydictator/firefly-iii is vulnerable to cross-site scripting (XSS). The attack is possible because the application does not escape user-provided data in the asset account name field, allowing an attacker to inject a malicious script through it...

CVSS 5.4 | AI score 3 | EPSS 0.00206
Exploits: 1 | References: 2 | Affected Software: 1

Veracode
added 2019/08/06 6:23 a.m., 16 views

Cross-site Scripting (XSS)

grumpydictator/firefly-iii is vulnerable to cross-site scripting (XSS). The attack is possible because the application does not escape user-provided data in the create-from-bill name field, allowing an attacker to inject a malicious script...

CVSS 5.4 | AI score 3.3 | EPSS 0.00206
Exploits: 1 | References: 2 | Affected Software: 1

Veracode
added 2019/08/06 6:9 a.m., 11 views

Cross-site Scripting (XSS)

grumpydictator/firefly-iii is vulnerable to cross-site scripting (XSS). The attack is possible because the application does not escape user-provided data in the liability name field, allowing an attacker to inject a malicious script in a transaction to get executed upon an error condition during a visit to the...

CVSS 5.4 | AI score 3.4 | EPSS 0.00206
Exploits: 1 | References: 2 | Affected Software: 1

Veracode
added 2019/07/18 6:59 a.m., 15 views

Cross-site Scripting (XSS)

grumpydictator/firefly-iii is vulnerable to cross-site scripting (XSS). The attack exists because the application does not validate the file content provided by the user, allowing an attacker to inject a malicious script through it to get executed during viewing of attachments/view/$fileid$ attachment...

CVSS 5.4 | AI score 5.2 | EPSS 0.00206
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
added 2019/07/18 6:37 a.m., 16 views

Cross-site Scripting (XSS)

grumpydictator/firefly-iii is vulnerable to cross-site scripting (XSS) attacks. The attack is due to a lack of sanitization of the query string provided by the user in the search query, allowing an attacker to inject a malicious script...

CVSS 5.4 | AI score 5.1 | EPSS 0.00281
Exploits: 1 | References: 2 | Affected Software: 1