CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3846 – Unrestricted Upload of File with Dangerous Type in firefly-iii/firefly-iii
https://notcve.org/view.php?id=CVE-2021-3846
firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type firefly-iii es vulnerable a una Carga no Restringida de Archivos de Tipo Peligrosos • https://github.com/firefly-iii/firefly-iii/commit/a85b6420c19ace35134f896e094e1971d8c7954b https://huntr.dev/bounties/5267ec1c-d204-40d2-bd4f-6c2dd495ee18 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3819 – Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
https://notcve.org/view.php?id=CVE-2021-3819
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) firefly-iii es vulnerable a un ataque de tipo Cross-Site Request Forgery (CSRF) • https://github.com/firefly-iii/firefly-iii/commit/578f350498b75f31d321c78a608c7f7b3b7b07e9 https://huntr.dev/bounties/da82f7b6-4ffc-4109-87a4-a2a790bd44e5 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3663 – Improper Restriction of Excessive Authentication Attempts in firefly-iii/firefly-iii
https://notcve.org/view.php?id=CVE-2021-3663
firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts firefly-iii es vulnerable a la Restricción Inapropiada de Intentos de Autenticación Excesivos • https://github.com/firefly-iii/firefly-iii/commit/afc9f4b7ebc8a240c85864a6e1abda62bfeefae8 https://huntr.dev/bounties/497bdf6d-7dba-49c3-8011-1c64dfbb3380 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-14667
https://notcve.org/view.php?id=CVE-2019-14667
Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action. Firefly III 4.7.17.4, es vulnerable a múltiples problemas de XSS almacenado debido a la falta de filtración de datos suministrados por el usuario en el campo de descripción de transacción y el nombre de cuenta del activo. El código JavaScript es ejecutado durante una acción de transacción de conversión. • https://github.com/firefly-iii/firefly-iii/commit/15d4d185bbedf2bb9db4a8fa2ccf9fc359a06194 https://github.com/firefly-iii/firefly-iii/commit/427de0594d05a8222f55b2894311e648ba1be991 https://github.com/firefly-iii/firefly-iii/issues/2363 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-14668
https://notcve.org/view.php?id=CVE-2019-14668
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. The JavaScript code is executed during deletion of a transaction link. Firefly III versión 4.7.17.3, es vulnerable a una ataque de tipo XSS almacenado debido a la falta de filtración de datos suministrados por el usuario en el campo de descripción de la transacción. El código JavaScript es ejecutado durante la eliminación de un enlace de transacción. • https://github.com/firefly-iii/firefly-iii/commit/3ad4e04e2ae50e60564b60b68dfac083e5684882 https://github.com/firefly-iii/firefly-iii/issues/2364 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •