CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37893 – MFA bypass in oauth flow in Firefly III
https://notcve.org/view.php?id=CVE-2024-37893
17 Jun 2024 — Firefly III is a free and open source personal finance manager. In affected versions an MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to Firefly III data using passwords stolen from other sources. As OAuth applications are easily enumerable using an incrementing id, an attacker could try sign an OAuth application up to a users profile quite easily if they have created one. The attacker would als... • https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22075
https://notcve.org/view.php?id=CVE-2024-22075
05 Jan 2024 — Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection. Firefly III (aka firefly-iii) anterior a 6.1.1 permite la inyección HTML de webhooks. • https://github.com/firefly-iii/firefly-iii/releases/tag/v6.1.1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-1788 – Insufficient Session Expiration in firefly-iii/firefly-iii
https://notcve.org/view.php?id=CVE-2023-1788
05 Apr 2023 — Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6. • https://github.com/firefly-iii/firefly-iii/commit/68f398f97cbe1870fc098d8460bf903b9c3fab30 • CWE-613: Insufficient Session Expiration •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-1789 – Improper Input Validation in firefly-iii/firefly-iii
https://notcve.org/view.php?id=CVE-2023-1789
01 Apr 2023 — Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0. • https://github.com/firefly-iii/firefly-iii/commit/6b05c0fbd3e8c40ae9b24dc2698821786fccf0c5 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0298 – Incorrect Authorization in firefly-iii/firefly-iii
https://notcve.org/view.php?id=CVE-2023-0298
14 Jan 2023 — Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0. • https://github.com/firefly-iii/firefly-iii/commit/db0500dcf0d4f1990fc7a377ef0d56c3884fcaa4 • CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-4005 – Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
https://notcve.org/view.php?id=CVE-2021-4005
04 Dec 2021 — firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) firefly-iii es vulnerable a un ataque de tipo Cross-Site Request Forgery (CSRF) • https://github.com/firefly-iii/firefly-iii/commit/03a1601bf343181df9f405dd2109aec483cb7053 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-4015 – Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
https://notcve.org/view.php?id=CVE-2021-4015
01 Dec 2021 — firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) firefly-iii es vulnerable a la falsificación de peticiones en sitios cruzados (CSRF) • https://github.com/firefly-iii/firefly-iii/commit/518b4ba5a7a56760902758ae0a2c6a392c2f4d37 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3921 – Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
https://notcve.org/view.php?id=CVE-2021-3921
13 Nov 2021 — firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) firefly-iii es vulnerable a un ataque de tipo Cross-Site Request Forgery (CSRF) • https://github.com/firefly-iii/firefly-iii/commit/47fa9e39561a9ec9e210e4023d090a7b33381684 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3901 – Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
https://notcve.org/view.php?id=CVE-2021-3901
27 Oct 2021 — firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) firefly-iii es vulnerable a un ataque de tipo Cross-Site Request Forgery (CSRF) • https://github.com/firefly-iii/firefly-iii/commit/b42d8d1e305cad70d9b83b33cd8e0d7a4b2060c2 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3900 – Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
https://notcve.org/view.php?id=CVE-2021-3900
27 Oct 2021 — firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) firefly-iii es vulnerable a un ataque de tipo Cross-Site Request Forgery (CSRF) • https://github.com/firefly-iii/firefly-iii/commit/c2c8c42ef3194d1aeba8c48240fe2e9063f77635 • CWE-352: Cross-Site Request Forgery (CSRF) •