Vulnerabilities > Firefly III > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-23 | CVE-2021-3728 | Cross-Site Request Forgery (CSRF) vulnerability in Firefly-Iii Firefly III firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 4.3 |
| 2021-08-23 | CVE-2021-3729 | Cross-Site Request Forgery (CSRF) vulnerability in Firefly-Iii Firefly III firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 4.3 |
| 2021-08-23 | CVE-2021-3730 | Cross-Site Request Forgery (CSRF) vulnerability in Firefly-Iii Firefly III firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 4.3 |
| 2021-07-25 | CVE-2021-3663 | Improper Restriction of Excessive Authentication Attempts vulnerability in Firefly-Iii Firefly III firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts | 5.0 |
| 2019-08-05 | CVE-2019-14667 | Cross-site Scripting vulnerability in Firefly-Iii Firefly III 4.7.17.4 Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. | 4.3 |
| 2019-07-18 | CVE-2019-13647 | Cross-site Scripting vulnerability in Firefly-Iii Firefly III Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. | 5.4 |
| 2019-07-18 | CVE-2019-13646 | Cross-site Scripting vulnerability in Firefly-Iii Firefly III Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. | 5.4 |
| 2019-07-18 | CVE-2019-13645 | Cross-site Scripting vulnerability in Firefly-Iii Firefly III Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. | 5.4 |
| 2019-07-18 | CVE-2019-13644 | Cross-site Scripting vulnerability in Firefly-Iii Firefly III Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. | 5.4 |