Lucene search
Veracode Vulnerability DatabaseVERACODE:31802HistoryAug 24, 2021 - 7:13 a.m.
Cross-Site Request Forgery (CSRF)
2021-08-2407:13:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.001 Low
EPSS
Percentile
31.1%
grumpydictator/firefly-iii is vulnerable cross-site request forgery. An attacker who knows the IP address or hostname of the application running on localhost or anywhere can remove budgeted amount if the user is logged in and visited a malicious website.
| CPE | Name | Operator | Version |
|---|---|---|---|
| grumpydictator/firefly-iii | le | 5.6.0-alpha.2 | |
| grumpydictator/firefly-iii | le | 5.6.0-alpha.2 |
Related
cvelist
cvelist
CVE-2021-3728 Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
2021-08-23 12:41:58
prion
prion
Cross site request forgery (csrf)
2021-08-23 13:15:00
cnvd
cnvd
firefly-iii Cross-site Request Forgery Vulnerability (CNVD-2021-101213)
2021-08-25 00:00:00
huntr
huntr
Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
2021-08-20 07:06:35
cve
cve
CVE-2021-3728
2021-08-23 13:15:07
osv
osv
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
2021-08-25 14:50:17
CVE-2021-3728
2021-08-23 13:15:07
nvd
nvd
CVE-2021-3728
2021-08-23 13:15:07
github
github
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
2021-08-25 14:50:17