Vulnerabilities (CVE)

Filtered by vendor Firefly-iii Subscribe
Total 23 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-14668 1 Firefly-iii 1 Firefly Iii 2024-02-04 3.5 LOW 5.4 MEDIUM
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. The JavaScript code is executed during deletion of a transaction link.
CVE-2019-14670 1 Firefly-iii 1 Firefly Iii 2024-02-04 3.5 LOW 5.4 MEDIUM
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is executed during rule-from-bill creation.
CVE-2019-14669 1 Firefly-iii 1 Firefly Iii 2024-02-04 3.5 LOW 5.4 MEDIUM
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page.