grumpydictator/firefly-iii is vulnerable to cross-site scripting (XSS) attacks. The attack is due to lack of sanitization of query string provided by the user in the search query, allowing an attacker to inject a malicious script.
CPE | Name | Operator | Version |
---|---|---|---|
grumpydictator/firefly-iii | le | 4.17.2 |