Vulnerabilities > Firefly III

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2024-01-05 | CVE-2024-22075 | Cross-site Scripting vulnerability in Firefly-Iii Firefly III | Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection. | network | low | firefly-iii | CWE-79 | 6.1 |
| 2023-04-05 | CVE-2023-1788 | Insufficient Session Expiration vulnerability in Firefly-Iii Firefly III | Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6. | network | low | firefly-iii | CWE-613 | 9.8 (critical) |
| 2023-04-01 | CVE-2023-1789 | Improper Input Validation vulnerability in Firefly-Iii Firefly III | Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0. | network | low | firefly-iii | CWE-20 | 9.8 (critical) |
| 2023-01-14 | CVE-2023-0298 | Incorrect Authorization vulnerability in Firefly-Iii Firefly III | Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0. | network | low | firefly-iii | CWE-863 | 6.5 |
| 2021-12-04 | CVE-2021-4005 | Cross-Site Request Forgery (CSRF) vulnerability in Firefly-Iii Firefly III | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | network | low | firefly-iii | CWE-352 | 4.3 |
| 2021-12-01 | CVE-2021-4015 | Cross-Site Request Forgery (CSRF) vulnerability in Firefly-Iii Firefly III | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | network | low | firefly-iii | CWE-352 | 4.3 |
| 2021-11-13 | CVE-2021-3921 | Cross-Site Request Forgery (CSRF) vulnerability in Firefly-Iii Firefly III | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | network | low | firefly-iii | CWE-352 | 4.3 |
| 2021-10-27 | CVE-2021-3901 | Cross-Site Request Forgery (CSRF) vulnerability in Firefly-Iii Firefly III | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | network | low | firefly-iii | CWE-352 | 8.8 |
| 2021-10-27 | CVE-2021-3900 | Cross-Site Request Forgery (CSRF) vulnerability in Firefly-Iii Firefly III | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | network | low | firefly-iii | CWE-352 | 6.5 |
| 2021-10-19 | CVE-2021-3846 | Unrestricted Upload of File with Dangerous Type vulnerability in Firefly-Iii Firefly III | firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type | network | low | firefly-iii | CWE-434 | 8.8 |