Lucene search
Veracode Vulnerability DatabaseVERACODE:32748HistoryOct 28, 2021 - 5:48 a.m.
Cross-site Request Forgery (CSRF)
2021-10-2805:48:37
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.001 Low
EPSS
Percentile
47.9%
grumpydictator/firefly-iii is vulnerable to cross-site request forgery(CSRF). An authenticated attacker is able to cause cross-site request forgery attacks via billButtons because it does not validate CSRF tokens.
| CPE | Name | Operator | Version |
|---|---|---|---|
| grumpydictator/firefly-iii | le | 5.6.2 | |
| grumpydictator/firefly-iii | le | 5.6.2 |
Related
nvd
nvd
CVE-2021-3901
2021-10-27 21:15:07
cve
cve
CVE-2021-3901
2021-10-27 21:15:07
huntr
huntr
Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
2021-10-23 09:27:00
prion
prion
Cross site request forgery (csrf)
2021-10-27 21:15:00
osv
osv
CVE-2021-3901
2021-10-27 21:15:07
Cross-Site Request Forgery in firefly-iii
2021-10-28 23:14:14
github
github
Cross-Site Request Forgery in firefly-iii
2021-10-28 23:14:14
cnvd
cnvd
firefly-iii Cross-site Request Forgery Vulnerability (CNVD-2022-19846)
2021-10-31 00:00:00
cvelist
cvelist
CVE-2021-3901 Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
2021-10-27 20:50:09