CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3846 – Unrestricted Upload of File with Dangerous Type in firefly-iii/firefly-iii
https://notcve.org/view.php?id=CVE-2021-3846
firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type firefly-iii es vulnerable a una Carga no Restringida de Archivos de Tipo Peligrosos • https://github.com/firefly-iii/firefly-iii/commit/a85b6420c19ace35134f896e094e1971d8c7954b https://huntr.dev/bounties/5267ec1c-d204-40d2-bd4f-6c2dd495ee18 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3819 – Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
https://notcve.org/view.php?id=CVE-2021-3819
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) firefly-iii es vulnerable a un ataque de tipo Cross-Site Request Forgery (CSRF) • https://github.com/firefly-iii/firefly-iii/commit/578f350498b75f31d321c78a608c7f7b3b7b07e9 https://huntr.dev/bounties/da82f7b6-4ffc-4109-87a4-a2a790bd44e5 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3663 – Improper Restriction of Excessive Authentication Attempts in firefly-iii/firefly-iii
https://notcve.org/view.php?id=CVE-2021-3663
firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts firefly-iii es vulnerable a la Restricción Inapropiada de Intentos de Autenticación Excesivos • https://github.com/firefly-iii/firefly-iii/commit/afc9f4b7ebc8a240c85864a6e1abda62bfeefae8 https://huntr.dev/bounties/497bdf6d-7dba-49c3-8011-1c64dfbb3380 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-14672
https://notcve.org/view.php?id=CVE-2019-14672
Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. The JavaScript code is executed upon an error condition during a visit to the account show page. Firefly III versión 4.7.17.5, es vulnerable a un ataque de tipo XSS almacenado debido a la falta de filtración de datos suministrados por el usuario en el campo de nombre de responsabilidad. El código JavaScript es ejecutado con una condición de error durante una visita a la página de presentación de la cuenta. • https://github.com/firefly-iii/firefly-iii/commit/8717f469b10e9f7e1547c6f70f7d24e1359d28d4 https://github.com/firefly-iii/firefly-iii/issues/2370 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •