
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection. • https://github.com/firefly-iii/firefly-iii/releases/tag/v6.1.1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6. • https://github.com/firefly-iii/firefly-iii/commit/68f398f97cbe1870fc098d8460bf903b9c3fab30 • https://huntr.dev/bounties/79323c9e-e0e5-48ef-bd19-d0b09587ccb2 • CWE-613: Insufficient Session Expiration

CVSS: 9.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0. • https://github.com/firefly-iii/firefly-iii/commit/6b05c0fbd3e8c40ae9b24dc2698821786fccf0c5 • https://huntr.dev/bounties/2c3489f7-6b84-48f8-9368-9cea67cf373d • CWE-20: Improper Input Validation

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0. • https://github.com/firefly-iii/firefly-iii/commit/db0500dcf0d4f1990fc7a377ef0d56c3884fcaa4 • https://huntr.dev/bounties/9689052c-c1d7-4aae-aa08-346c9b6e04ed • CWE-863: Incorrect Authorization

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). • https://github.com/firefly-iii/firefly-iii/commit/03a1601bf343181df9f405dd2109aec483cb7053 • https://huntr.dev/bounties/bf4ef581-325a-492d-a710-14fcb53f00ff • CWE-352: Cross-Site Request Forgery (CSRF)