Firefly Iii/firefly Iii
by Firefly Iii
Source repositories
CVEs (23)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-14669 | 0.00 | — | 0.01 | Aug 5, 2019 | Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page. | |||
| CVE-2019-14670 | 0.00 | — | 0.01 | Aug 5, 2019 | Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is executed during rule-from-bill creation. | |||
| CVE-2019-14672 | 0.00 | — | 0.01 | Aug 5, 2019 | Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. The JavaScript code is executed upon an error condition during a visit to the account show page. |
- CVE-2019-14669Aug 5, 2019risk 0.00cvss —epss 0.01
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page.
- CVE-2019-14670Aug 5, 2019risk 0.00cvss —epss 0.01
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is executed during rule-from-bill creation.
- CVE-2019-14672Aug 5, 2019risk 0.00cvss —epss 0.01
Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. The JavaScript code is executed upon an error condition during a visit to the account show page.
Page 2 of 2