Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
firefly iii vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-1789
Improper Input Validation in GitHub repository firefly-iii/firefly-iii before 6.0.0.
Firefly-iii Firefly Iii 6.0.0
Firefly-iii Firefly Iii 5.8.0
Firefly-iii Firefly Iii
9.8
CVSSv3
CVE-2023-1788
Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii before 6.
Firefly-iii Firefly Iii
Firefly-iii Firefly Iii 6.0.0
6.1
CVSSv3
CVE-2024-22075
Firefly III (aka firefly-iii) prior to 6.1.1 allows webhooks HTML Injection.
Firefly-iii Firefly Iii
8.8
CVSSv3
CVE-2021-3846
firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type
Firefly-iii Firefly Iii
8.8
CVSSv3
CVE-2021-3819
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Firefly-iii Firefly Iii
6.5
CVSSv3
CVE-2021-3900
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Firefly-iii Firefly Iii
7.5
CVSSv3
CVE-2021-3663
firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts
Firefly-iii Firefly Iii
5.4
CVSSv3
CVE-2019-13644
Firefly III prior to 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tag_number$ tag summary page. NOTE: It is asserted that an attacker mus...
Firefly-iii Firefly Iii
5.4
CVSSv3
CVE-2019-13647
Firefly III prior to 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attachment viewing. NOTE: It is asserted that an attacker must have the same access r...
Firefly-iii Firefly Iii
8.8
CVSSv3
CVE-2021-3901
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Firefly-iii Firefly Iii
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »