grumpydictator/firefly-iii is vulnerable to information disclosure. The attack is possible due to the lack of sanitization of the `fints_url` parameter in the function `configureJob`, allowing an attacker to inject arbitrary script through it.
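The missing control can be sketched as input validation plus output escaping for a user-supplied FinTS endpoint. This is an added example, not Firefly III's code or its actual fix: the helper names `validateFintsUrl` and `renderFintsUrl`, the https-only policy and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not Firefly III code): accept a user-supplied FinTS
// endpoint only if it is a plain absolute https URL; otherwise return null.
function validateFintsUrl(string $raw): ?string
{
    $url = trim($raw);
    // Reject whitespace, control characters and markup delimiters outright.
    if ($url === '' || preg_match('/[\x00-\x20\x7f<>"\'`]/', $url) === 1) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Scheme allowlist (assumed policy): blocks javascript:, data: and similar.
    if (strtolower($parts['scheme']) !== 'https') {
        return null;
    }
    // No embedded credentials in a stored endpoint.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    return $url;
}

// Escape at output time for an HTML text or attribute context, so a value
// that slipped past validation is still rendered as inert text.
function renderFintsUrl(string $url): string
{
    return htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs, not taken from the advisory.
$samples = [
    'https://fints.bank.example/fints',
    'javascript:alert(1)',
    'https://fints.bank.example/"><script>alert(1)</script>',
    'https://user:pw@fints.bank.example/',
];

foreach ($samples as $sample) {
    $ok = validateFintsUrl($sample);
    printf("%-8s %s\n", $ok === null ? 'rejected' : 'accepted', renderFintsUrl($sample));
}
```

Validation and escaping are independent layers: the first keeps bad values out of storage, the second protects every place the stored value is later written into a page.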
CPE

Name | Operator | Version |
---|---|---|
grumpydictator/firefly-iii | le | 4.7.17.3 |