Firefly Iii

firefly-iii

26 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (26)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-14668 1Firefly Iii 1Firefly Iii Nov 21, 2024 Aug 5, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. The JavaScript code is executed during deletion of a transaction link.
CVE-2019-14667 1Firefly Iii 1Firefly Iii Nov 21, 2024 Aug 5, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during...Show more Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action.Show less
CVE-2019-13647 1Firefly Iii 1Firefly Iii Nov 21, 2024 Jul 18, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attachment viewing. NOTE: I...Show more Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attachment viewing. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerabilityShow less
CVE-2019-13646 1Firefly Iii 1Firefly Iii Nov 21, 2024 Jul 18, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. NOTE: It is asserted that an attacker must have the same access rights as the user in order to...Show more Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerabilityShow less
CVE-2019-13645 1Firefly Iii 1Firefly Iii Nov 21, 2024 Jul 18, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$file_id$ attachment editing. NOTE: It...Show more Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$file_id$ attachment editing. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerabilityShow less
CVE-2019-13644 1Firefly Iii 1Firefly Iii Nov 21, 2024 Jul 18, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tag_number$ t...Show more Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tag_number$ tag summary page. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerabilityShow less