grumpydictator/firefly-iii is vulnerable to cross-site scripting (XSS). The application does not escape user-provided data in the liability name field, so an attacker can inject a malicious script into a transaction; the script executes when an error condition occurs during a visit to the account show page.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | grumpydictator/firefly-iii | le | 4.7.17.5 |
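
The class of bug described above, as an added illustration that is not Firefly III's own code: an error message that embeds a stored account name without escaping, next to the escaped form, plus a check for stored names that contain markup. The function names, the error-banner markup and the sample records are all hypothetical and constructed for this example.

```javascript
// Added illustration; not Firefly III code. All names here are hypothetical.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Escape the characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored name is concatenated into markup as-is,
// so any markup in the name becomes part of the page when the error renders.
function renderErrorUnsafe(accountName) {
  return '<div class="alert">Could not load account "' + accountName + '".</div>';
}

// Hardened pattern: the name is escaped at the point of output.
function renderErrorSafe(accountName) {
  return '<div class="alert">Could not load account "' +
    escapeHtml(accountName) + '".</div>';
}

// Audit helper: return ids of records whose name contains a tag-like
// sequence, so data stored before an upgrade can be reviewed.
// Plain punctuation such as apostrophes or ampersands is not flagged.
function findSuspectNames(accounts) {
  return accounts.filter((a) => /<[a-z!\/]/i.test(a.name)).map((a) => a.id);
}

// Constructed sample records (not taken from any real installation).
const sampleAccounts = [
  { id: 1, name: 'Mortgage' },
  { id: 2, name: '<img src=x onerror=alert(1)>' },
  { id: 3, name: "Car loan (O'Brien & Co)" },
];
```

Escaping at output time protects pages that render names stored before the fix; the audit helper only points at records worth reviewing.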