VYPR

Firefly Iii/firefly Iii

by Firefly Iii

Source repositories

CVEs (23)

  • CVE-2019-14669Aug 5, 2019
    risk 0.00cvss epss 0.01

    Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page.

  • CVE-2019-14670Aug 5, 2019
    risk 0.00cvss epss 0.01

    Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is executed during rule-from-bill creation.

  • CVE-2019-14672Aug 5, 2019
    risk 0.00cvss epss 0.01

    Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. The JavaScript code is executed upon an error condition during a visit to the account show page.

Page 2 of 2