grumpydictator/firefly-iii is vulnerable to cross-site scripting (XSS). The vulnerability exists through the lack of sanitization of link.destination.description
and link.source.description
in delete.twig
.
CPE | Name | Operator | Version |
---|---|---|---|
grumpydictator/firefly-iii | le | 4.7.17.3 |