Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
iii vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-14667
Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action.
Firefly-iii Firefly Iii 4.7.17.4
5.4
CVSSv3
CVE-2019-14668
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. The JavaScript code is executed during deletion of a transaction link.
Firefly-iii Firefly Iii 4.7.17.3
5.4
CVSSv3
CVE-2019-14670
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is executed during rule-from-bill creation.
Firefly-iii Firefly Iii 4.7.17.3
5.4
CVSSv3
CVE-2019-14672
Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. The JavaScript code is executed upon an error condition during a visit to the account show page.
Firefly-iii Firefly Iii 4.7.17.5
5.4
CVSSv3
CVE-2019-14669
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page.
Firefly-iii Firefly Iii 4.7.17.3
3.3
CVSSv3
CVE-2019-14671
Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fints_url to import/job/configuration, and import/create/fints.
Firefly-iii Firefly Iii 4.7.17.3
NA
CVE-2014-2081
Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua prior to 2013.2.4 and 2014.x prior to 2014.1.1 allow remote malicious users to execute arbitrary SQL commands via the (1) username or (2) password parameter.
Iii Vtls-virtua 2014.1.0
Iii Vtls-virtua 2013.2.3
1 EDB exploit
7.5
CVSSv3
CVE-2014-5138
Innovative Interfaces Sierra Library Services Platform 1.2_3 does not properly handle query strings with multiple instances of the same parameter, which allows remote malicious users to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submod...
Iii Sierra 1.2 3
NA
CVE-2014-5137
Innovative Interfaces Sierra Library Services Platform 1.2_3 provides different responses for login request depending on whether the user account exists, which allows remote malicious users to enumerate account names via a series of login requests, possibly related to the Webpac ...
Iii Sierra 1.2 3
NA
CVE-2009-0655
Lenovo Veriface III allows physically proximate malicious users to login to a Windows account by presenting a "plain image" of the authorized user.
Lenovo Veriface Iii
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »