QwikSec

Security Database

CVE

CWE

Training

CVE-2019-14667

Published: Aug 5, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/firefly-iii/firefly-iii/issues/2363

x_refsource_MISC

https://github.com/firefly-iii/firefly-iii/commit/427de0594d05a8222f55b2894311e648ba1be991

x_refsource_MISC

https://github.com/firefly-iii/firefly-iii/commit/15d4d185bbedf2bb9db4a8fa2ccf9fc359a06194

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.