Packagist (Composer) package
grumpydictator/firefly-iii
pkg:composer/grumpydictator/firefly-iii
Vulnerabilities (22)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-13645 | — | | | < 4.7.17.3 | 4.7.17.3 | Jul 18, 2019 | Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$file_id$ attachment editing. NOTE: It is asserted that an attacker must have the same access right |
| CVE-2019-13644 | — | | | < 4.7.17.1 | 4.7.17.1 | Jul 18, 2019 | Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tag_number$ tag summary page. NOTE: It is asserted that an attacker must |