EPSS
Percentile
59.9%
grumpydictator/firefly-iii is vulnerable to Cross Site Scripting (XSS). The vulnerability exists when adding new currencies which allows an attacker to inject malicious HTML payloads and redirect a user to a malicious site.
github.com/advisories/GHSA-mwxw-hxvp-4r2r
github.com/firefly-iii/firefly-iii/commit/6b05c0fbd3e8c40ae9b24dc2698821786fccf0c5
github.com/firefly-iii/firefly-iii/pull/7043
huntr.dev/bounties/2c3489f7-6b84-48f8-9368-9cea67cf373d/