Cross-site Scripting (XSS)

Date: 06 Aug 2019 06:51:54
Reported by: Veracode Vulnerability Database
Type: veracode
Source: sca.analysiscenter.veracode.com

grumpydictator/firefly-iii is vulnerable to cross-site scripting (XSS). The attack is possible because the application does not escape user-provided data in the transaction description field and in the asset account name, allowing an attacker to inject a malicious script in a convert transaction that executes when a user visits the page.

06 Aug 2019 06:54 (Current)
Vulners AI Score: 3.5 (Low risk)
CVSS2: 4.3
CVSS3: 6.1
EPSS: 0.00307