grumpydictator/firefly-iii is vulnerable to cross-site request forgery(CSRF). An authenticated attacker is able to cause cross-site request forgery attacks via billButtons
because it does not validate CSRF tokens.
CPE | Name | Operator | Version |
---|---|---|---|
grumpydictator/firefly-iii | le | 5.6.2 | |
grumpydictator/firefly-iii | le | 5.6.2 |