Firefly-iii Firefly_iii
26 CVEs affecting Firefly-iii Firefly_iii. Latest disclosed: 2024-01-05. Critical: 2, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-1788 | Critical | 9.8 | 2023-04-05 | Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6. |
| CVE-2023-1789 | Critical | 9.8 | 2023-04-01 | Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0. |
| CVE-2021-3901 | High | 8.8 | 2021-10-27 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-3846 | High | 8.8 | 2021-10-19 | firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type |
| CVE-2021-3819 | High | 8.8 | 2021-09-27 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-3663 | High | 7.5 | 2021-07-25 | firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts |
| CVE-2023-0298 | Medium | 6.5 | 2023-01-14 | Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0. |
| CVE-2021-3900 | Medium | 6.5 | 2021-10-27 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-3730 | Medium | 6.5 | 2021-08-23 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-3728 | Medium | 6.5 | 2021-08-23 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2024-22075 | Medium | 6.1 | 2024-01-05 | Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection. |
| CVE-2019-14667 | Medium | 6.1 | 2019-08-05 | Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and t… |
| CVE-2021-3851 | Medium | 5.4 | 2021-10-19 | firefly-iii is vulnerable to URL Redirection to Untrusted Site |
| CVE-2019-14672 | Medium | 5.4 | 2019-08-05 | Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. The JavaScript code is execut… |
| CVE-2019-14670 | Medium | 5.4 | 2019-08-05 | Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is executed du… |
| CVE-2019-14669 | Medium | 5.4 | 2019-08-05 | Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed… |
| CVE-2019-14668 | Medium | 5.4 | 2019-08-05 | Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. The JavaScript code… |
| CVE-2019-13647 | Medium | 5.4 | 2019-07-18 | Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed… |
| CVE-2019-13646 | Medium | 5.4 | 2019-07-18 | Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. NOTE: It is asserted that an atta… |
| CVE-2019-13645 | Medium | 5.4 | 2019-07-18 | Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed du… |