
CVE-2021-3851 – Open Redirect in firefly-iii/firefly-iii
https://notcve.org/view.php?id=CVE-2021-3851
19 Oct 2021 — firefly-iii is vulnerable to URL Redirection to Untrusted Site • https://github.com/firefly-iii/firefly-iii/commit/8662dfa4c0f71efef61c31dc015c6f723db8318d • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVE-2021-3846 – Unrestricted Upload of File with Dangerous Type in firefly-iii/firefly-iii
https://notcve.org/view.php?id=CVE-2021-3846
19 Oct 2021 — firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type • https://github.com/firefly-iii/firefly-iii/commit/a85b6420c19ace35134f896e094e1971d8c7954b • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2021-3819 – Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
https://notcve.org/view.php?id=CVE-2021-3819
27 Sep 2021 — firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) • https://github.com/firefly-iii/firefly-iii/commit/578f350498b75f31d321c78a608c7f7b3b7b07e9 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2021-3730 – Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
https://notcve.org/view.php?id=CVE-2021-3730
23 Aug 2021 — firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) • https://github.com/firefly-iii/firefly-iii/commit/f80178b1b2b7864d17500a131d570c353c9a26f6 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2021-3729 – Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
https://notcve.org/view.php?id=CVE-2021-3729
23 Aug 2021 — firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) • https://github.com/firefly-iii/firefly-iii/commit/06d319cd71b7787aa919b3ba1ccf51e4ade67712 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2021-3728 – Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
https://notcve.org/view.php?id=CVE-2021-3728
23 Aug 2021 — firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) • https://github.com/firefly-iii/firefly-iii/commit/14cdce113e0eb8090d09066fcd2b5cf03b5ac84e • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2021-3663 – Improper Restriction of Excessive Authentication Attempts in firefly-iii/firefly-iii
https://notcve.org/view.php?id=CVE-2021-3663
25 Jul 2021 — firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts • https://github.com/firefly-iii/firefly-iii/commit/afc9f4b7ebc8a240c85864a6e1abda62bfeefae8 • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVE-2019-14667
https://notcve.org/view.php?id=CVE-2019-14667
05 Aug 2019 — Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action. • https://github.com/firefly-iii/firefly-iii/commit/15d4d185bbedf2bb9db4a8fa2ccf9fc359a06194 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-14668
https://notcve.org/view.php?id=CVE-2019-14668
05 Aug 2019 — Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. The JavaScript code is executed during deletion of a transaction link. • https://github.com/firefly-iii/firefly-iii/commit/3ad4e04e2ae50e60564b60b68dfac083e5684882 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-14669
https://notcve.org/view.php?id=CVE-2019-14669
05 Aug 2019 — Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page. • https://github.com/firefly-iii/firefly-iii/commit/2ddf48f15cbdbb475221c299872420f625c3bc3f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')