Firefly-iii Firefly_iii

26 CVEs affecting Firefly-iii Firefly_iii. Latest disclosed: 2024-01-05. Critical: 2, High: 4.

Top CVEs affecting Firefly-iii Firefly_iii
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-1788 | Critical | 9.8 | 2023-04-05 | Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6. |
| CVE-2023-1789 | Critical | 9.8 | 2023-04-01 | Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0. |
| CVE-2021-3901 | High | 8.8 | 2021-10-27 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-3846 | High | 8.8 | 2021-10-19 | firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type |
| CVE-2021-3819 | High | 8.8 | 2021-09-27 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-3663 | High | 7.5 | 2021-07-25 | firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts |
| CVE-2023-0298 | Medium | 6.5 | 2023-01-14 | Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0. |
| CVE-2021-3900 | Medium | 6.5 | 2021-10-27 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-3730 | Medium | 6.5 | 2021-08-23 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-3728 | Medium | 6.5 | 2021-08-23 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2024-22075 | Medium | 6.1 | 2024-01-05 | Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection. |
| CVE-2019-14667 | Medium | 6.1 | 2019-08-05 | Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and t… |
| CVE-2021-3851 | Medium | 5.4 | 2021-10-19 | firefly-iii is vulnerable to URL Redirection to Untrusted Site |
| CVE-2019-14672 | Medium | 5.4 | 2019-08-05 | Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. The JavaScript code is execut… |
| CVE-2019-14670 | Medium | 5.4 | 2019-08-05 | Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is executed du… |
| CVE-2019-14669 | Medium | 5.4 | 2019-08-05 | Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed… |
| CVE-2019-14668 | Medium | 5.4 | 2019-08-05 | Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. The JavaScript code… |
| CVE-2019-13647 | Medium | 5.4 | 2019-07-18 | Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed… |
| CVE-2019-13646 | Medium | 5.4 | 2019-07-18 | Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. NOTE: It is asserted that an atta… |
| CVE-2019-13645 | Medium | 5.4 | 2019-07-18 | Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed du… |