Vulnerabilities > Firefly III

DATE CVE VULNERABILITY TITLE RISK
2024-01-05 CVE-2024-22075 Cross-site Scripting vulnerability in Firefly-Iii Firefly III
Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.
network
low complexity
firefly-iii CWE-79
6.1
2023-01-14 CVE-2023-0298 Incorrect Authorization vulnerability in Firefly-Iii Firefly III
Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0.
network
low complexity
firefly-iii CWE-863
6.5
2021-12-04 CVE-2021-4005 Cross-Site Request Forgery (CSRF) vulnerability in Firefly-Iii Firefly III
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
4.3
2021-12-01 CVE-2021-4015 Cross-Site Request Forgery (CSRF) vulnerability in Firefly-Iii Firefly III
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
4.3
2021-11-13 CVE-2021-3921 Cross-Site Request Forgery (CSRF) vulnerability in Firefly-Iii Firefly III
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
4.3
2021-10-27 CVE-2021-3901 Cross-Site Request Forgery (CSRF) vulnerability in Firefly-Iii Firefly III
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
6.8
2021-10-27 CVE-2021-3900 Cross-Site Request Forgery (CSRF) vulnerability in Firefly-Iii Firefly III
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
4.3
2021-10-19 CVE-2021-3846 Unrestricted Upload of File with Dangerous Type vulnerability in Firefly-Iii Firefly III
firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type
network
low complexity
firefly-iii CWE-434
6.5
2021-10-19 CVE-2021-3851 Open Redirect vulnerability in Firefly-Iii Firefly III
firefly-iii is vulnerable to URL Redirection to Untrusted Site
4.9
2021-09-27 CVE-2021-3819 Cross-Site Request Forgery (CSRF) vulnerability in Firefly-Iii Firefly III
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
6.8