
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type. • https://github.com/firefly-iii/firefly-iii/commit/a85b6420c19ace35134f896e094e1971d8c7954b • https://huntr.dev/bounties/5267ec1c-d204-40d2-bd4f-6c2dd495ee18 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). • https://github.com/firefly-iii/firefly-iii/commit/578f350498b75f31d321c78a608c7f7b3b7b07e9 • https://huntr.dev/bounties/da82f7b6-4ffc-4109-87a4-a2a790bd44e5 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts. • https://github.com/firefly-iii/firefly-iii/commit/afc9f4b7ebc8a240c85864a6e1abda62bfeefae8 • https://huntr.dev/bounties/497bdf6d-7dba-49c3-8011-1c64dfbb3380 • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

** DISPUTED ** Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attachment viewing. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability. • https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa • https://github.com/firefly-iii/firefly-iii/issues/2338 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

** DISPUTED ** Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability. • https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa • https://github.com/firefly-iii/firefly-iii/issues/2339 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')