Vulnerabilities > Firefly III

DATE	CVE	VULNERABILITY TITLE	RISK
2021-08-23	CVE-2021-3728	Cross-Site Request Forgery (CSRF) vulnerability in Firefly-Iii Firefly III firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) network firefly-iii CWE-352	4.3
2021-08-23	CVE-2021-3729	Cross-Site Request Forgery (CSRF) vulnerability in Firefly-Iii Firefly III firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) network firefly-iii CWE-352	4.3
2021-08-23	CVE-2021-3730	Cross-Site Request Forgery (CSRF) vulnerability in Firefly-Iii Firefly III firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) network firefly-iii CWE-352	4.3
2021-07-25	CVE-2021-3663	Improper Restriction of Excessive Authentication Attempts vulnerability in Firefly-Iii Firefly III firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts network low complexity firefly-iii CWE-307	5.0
2019-08-05	CVE-2019-14672	Cross-site Scripting vulnerability in Firefly-Iii Firefly III 4.7.17.5 Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. network firefly-iii CWE-79	3.5
2019-08-05	CVE-2019-14671	Information Exposure vulnerability in Firefly-Iii Firefly III 4.7.17.3 Firefly III 4.7.17.3 is vulnerable to local file enumeration. local low complexity firefly-iii CWE-200	2.1
2019-08-05	CVE-2019-14670	Cross-site Scripting vulnerability in Firefly-Iii Firefly III 4.7.17.3 Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. network firefly-iii CWE-79	3.5
2019-08-05	CVE-2019-14669	Cross-site Scripting vulnerability in Firefly-Iii Firefly III 4.7.17.3 Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. network firefly-iii CWE-79	3.5
2019-08-05	CVE-2019-14668	Cross-site Scripting vulnerability in Firefly-Iii Firefly III 4.7.17.3 Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. network firefly-iii CWE-79	3.5
2019-08-05	CVE-2019-14667	Cross-site Scripting vulnerability in Firefly-Iii Firefly III 4.7.17.4 Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. network firefly-iii CWE-79	4.3

Vulnerabilities > Firefly III {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Firefly III"}]}

Vulnerabilities > Firefly III