grumpydictator/firefly-iii is vulnerable to cross-site scripting (XSS). The vulnerability exists because the application does not validate the content of files provided by the user, allowing an attacker to inject a malicious script through an uploaded file that is executed when the attachment is viewed at attachments/view/$file_id$.
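
One way to serve an attachment view so that uploaded content cannot run script in the application's origin, shown as an added example that is not Firefly III's code or its actual fix. The function name, the inline allowlist and the sample uploads are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not Firefly III code. Only these sniffed types may render
// inline; the allowlist is an assumption chosen for illustration.
const INLINE_SAFE_TYPES = ['image/png', 'image/jpeg', 'image/gif', 'text/plain'];

/**
 * Build the response headers for viewing a stored attachment.
 * The type comes from the file bytes, never from the uploader's claim
 * (client-sent MIME type or file extension).
 */
function attachmentViewHeaders(string $content, string $storedName): array
{
    // finfo returns false on failure; treat that as an unknown binary.
    $sniffed = (new finfo(FILEINFO_MIME_TYPE))->buffer($content) ?: 'application/octet-stream';
    $inline  = in_array($sniffed, INLINE_SAFE_TYPES, true);

    // Keep the filename inside the quoted parameter: no quotes, CR/LF or path parts.
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($storedName));

    return [
        // Anything off the allowlist (HTML, SVG, XML, ...) is downloaded, not rendered.
        'Content-Type'            => $inline ? $sniffed : 'application/octet-stream',
        'Content-Disposition'     => sprintf('%s; filename="%s"', $inline ? 'inline' : 'attachment', $safeName),
        // Stop the browser from second-guessing the declared type.
        'X-Content-Type-Options'  => 'nosniff',
        // Defence in depth: even if the file renders, it runs no script and loads nothing.
        'Content-Security-Policy' => "default-src 'none'; sandbox",
    ];
}

// Constructed sample uploads (not taken from any real report).
$samples = [
    'receipt.png'   => "\x89PNG\r\n\x1a\n" . str_repeat("\0", 16),
    'invoice.html'  => '<html><body><script>/* constructed sample */</script></body></html>',
    'statement.svg' => '<svg xmlns="http://www.w3.org/2000/svg"><script>/* constructed sample */</script></svg>',
];

foreach ($samples as $name => $bytes) {
    echo $name, PHP_EOL;
    foreach (attachmentViewHeaders($bytes, $name) as $header => $value) {
        echo "  {$header}: {$value}", PHP_EOL;
    }
}
```
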
CPE

Name | Operator | Version |
---|---|---|
grumpydictator/firefly-iii | le | 4.7.17.2 |