Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14668 | 1 Firefly-iii | 1 Firefly Iii | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. The JavaScript code is executed during deletion of a transaction link. | |||||
| CVE-2019-14670 | 1 Firefly-iii | 1 Firefly Iii | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is executed during rule-from-bill creation. | |||||
| CVE-2019-14669 | 1 Firefly-iii | 1 Firefly Iii | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page. | |||||