Veracode Vulnerability Database: VERACODE:31802
Aug 24, 2021 - 7:13 a.m.

Cross-Site Request Forgery (CSRF)

2021-08-24 07:13:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
cross-site request forgery
vulnerable software
attack detection

EPSS: 0.001
Percentile: 30.9%

grumpydictator/firefly-iii is vulnerable to cross-site request forgery. An attacker who knows the IP address or hostname of the application, whether it runs on localhost or anywhere else, can remove a budgeted amount if the user is logged in and visits a malicious website.

Affected configurations

Vulners
Node: firefly-iii firefly_iii, Range 5.6.0-alpha.2 beta1

Vendor | Product | Version | CPE
firefly-iii | firefly_iii | * | cpe:2.3:a:firefly-iii:firefly_iii:*:beta1:*:*:*:*:*:*
