Lucene search
GoogleOSV:CVE-2019-14667HistoryAug 05, 2019 - 8:15 p.m.
CVE-2019-14667
2019-08-0520:15:11
Google
osv.dev
1
Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action.
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefly-iii | eq | 4.7.6.1 | |
| firefly-iii | eq | 4.7.6.2 | |
| firefly-iii | eq | 4.3.6 | |
| firefly-iii | eq | 4.7.14 | |
| firefly-iii | eq | 3.3.6 | |
| firefly-iii | eq | 4.7.13 | |
| firefly-iii | eq | 3.3.8 | |
| firefly-iii | eq | 3.2.3 | |
| firefly-iii | eq | 3.4.0.5 | |
| firefly-iii | eq | 3.3.9 |
Related
cve
cve
CVE-2019-14667
2019-08-05 20:15:11
cvelist
cvelist
CVE-2019-14667
2019-08-05 19:23:40
veracode
veracode
Cross-site Scripting (XSS)
2019-08-06 06:54:51
prion
prion
Cross site scripting
2019-08-05 20:15:00
nvd
nvd
CVE-2019-14667
2019-08-05 20:15:11