Medium severity6.1NVD Advisory· Published Jan 5, 2024· Updated Jun 17, 2026
CVE-2024-22075
CVE-2024-22075
Description
Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
grumpydictator/firefly-iiiPackagist | < 6.1.1 | 6.1.1 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-vwv2-9wcj-64vxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-22075ghsaADVISORY
- github.com/firefly-iii/firefly-iii/commit/28021aa711500bbada649de8fab9e72b4084ab21ghsaWEB
- github.com/firefly-iii/firefly-iii/releases/tag/v6.1.1nvdRelease NotesWEB
- www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfireghsaWEB
- www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire/nvd
News mentions
0No linked articles in our index yet.