Vulmon
firefly iii vulnerabilities and exploits
4.3
CVSSv2
CVE-2021-4015
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Firefly-iii Firefly Iii
4.3
CVSSv2
CVE-2021-4005
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Firefly-iii Firefly Iii
4.3
CVSSv2
CVE-2021-3900
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Firefly-iii Firefly Iii
4.3
CVSSv2
CVE-2021-3921
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Firefly-iii Firefly Iii
3.5
CVSSv2
CVE-2019-13644
Firefly III prior to 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tag_number$ tag summary page. NOTE: It is asserted that an attacker mus...
Firefly-iii Firefly Iii
3.5
CVSSv2
CVE-2019-13647
Firefly III prior to 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attachment viewing. NOTE: It is asserted that an attacker must have the same access r...
Firefly-iii Firefly Iii
4.3
CVSSv2
CVE-2021-3728
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Firefly-iii Firefly Iii -
4.3
CVSSv2
CVE-2021-3729
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Firefly-iii Firefly Iii -
3.5
CVSSv2
CVE-2019-13645
Firefly III prior to 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$file_id$ attachment editing. NOTE: It is asserted that an attacker must have the same access rig...
Firefly-iii Firefly Iii
NA
CVE-2023-0298
Incorrect Authorization in GitHub repository firefly-iii/firefly-iii before 5.8.0.
Firefly-iii Firefly Iii