grumpydictator/firefly-iii is vulnerable to cross-site scripting (XSS). The attack is possible because it does not escape the user provided data in the asset account name field, allowing an attacker to inject malicious script through it.
CPE | Name | Operator | Version |
---|---|---|---|
grumpydictator/firefly-iii | le | 4.7.17.3 |