CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-14667

Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.4%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://github.com/firefly-iii/firefly-iii/commit/15d4d185bbedf2bb9db4a8fa2ccf9fc359a06194
https://github.com/firefly-iii/firefly-iii/commit/427de0594d05a8222f55b2894311e648ba1be991
https://github.com/firefly-iii/firefly-iii/issues/2363
https://github.com/firefly-iii/firefly-iii/commit/15d4d185bbedf2bb9db4a8fa2ccf9fc359a06194
https://github.com/firefly-iii/firefly-iii/commit/427de0594d05a8222f55b2894311e648ba1be991
https://github.com/firefly-iii/firefly-iii/issues/2363

Products affected by CVE-2019-14667

Firefly-Iii » Firefly Iii » Version: 4.7.17.4

cpe:2.3:a:firefly-iii:firefly_iii:4.7.17.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-14667

Products

Pricing

Contact Us