CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22075
https://notcve.org/view.php?id=CVE-2024-22075
Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection. Firefly III (aka firefly-iii) anterior a 6.1.1 permite la inyección HTML de webhooks. • https://github.com/firefly-iii/firefly-iii/releases/tag/v6.1.1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-1788 – Insufficient Session Expiration in firefly-iii/firefly-iii
https://notcve.org/view.php?id=CVE-2023-1788
Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6. • https://github.com/firefly-iii/firefly-iii/commit/68f398f97cbe1870fc098d8460bf903b9c3fab30 https://huntr.dev/bounties/79323c9e-e0e5-48ef-bd19-d0b09587ccb2 • CWE-613: Insufficient Session Expiration •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-1789 – Improper Input Validation in firefly-iii/firefly-iii
https://notcve.org/view.php?id=CVE-2023-1789
Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0. • https://github.com/firefly-iii/firefly-iii/commit/6b05c0fbd3e8c40ae9b24dc2698821786fccf0c5 https://huntr.dev/bounties/2c3489f7-6b84-48f8-9368-9cea67cf373d • CWE-20: Improper Input Validation •