grumpydictator/firefly-iii is vulnerable to cross-site request forgery (CSRF). An attacker who knows the IP address or hostname of the application, whether it runs on localhost or anywhere else, can remove a budgeted amount if the user is logged in and visits a malicious website.

| Vendor | Product | Version | CPE |
|---|---|---|---|
| firefly-iii | firefly_iii | * | cpe:2.3:a:firefly-iii:firefly_iii:*:beta1:*:*:*:*:*:* |