2 matches found
Firefly III Information Disclosure Vulnerability
Firefly III is an open source personal financial management system. An information disclosure vulnerability exists in Firefly III version 4.7.17.3, which stems from the program's failure to filter URLs for protocols such as file:/// and can be exploited by an attacker to enumerate local files...
PT-2019-13462 · Firefly Iii · Firefly-Iii
Name of the Vulnerable Software and Affected Versions: Firefly III versions prior to 4.7.17.3
Description: The issue is a stored XSS caused by the lack of filtering of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file id$ attachment...