firefly-iii is a free and open source personal finance software. firefly-iii suffers from a cross-site request forgery vulnerability, which originates when a WEB application does not sufficiently validate that a request is from a trusted user, and can be exploited by an attacker to send an unintended request to the server via the affected client.