Lucene search
Veracode Vulnerability DatabaseVERACODE:40134HistoryApr 17, 2023 - 12:46 p.m.
Cross Site Scripting (XSS)
2023-04-1712:46:59
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
cross site scripting
xss
html injection
malicious site redirect
software vulnerability
0.002 Low
EPSS
Percentile
56.2%
grumpydictator/firefly-iii is vulnerable to Cross Site Scripting (XSS). The vulnerability exists when adding new currencies which allows an attacker to inject malicious HTML payloads and redirect a user to a malicious site.
| CPE | Name | Operator | Version |
|---|---|---|---|
| grumpydictator/firefly-iii | le | 6.0.0-beta.1 | |
| grumpydictator/firefly-iii | le | 6.0.0-beta.1 |
Related
cve
cve
CVE-2023-1789
2023-04-01 02:15:07
osv
osv
Firefly III vulnerable to improper input validation
2023-04-01 03:30:16
CVE-2023-1789
2023-04-01 02:15:07
huntr
huntr
HTML injection leads to Open Redirect
2023-02-15 23:07:14
cvelist
cvelist
CVE-2023-1789 Improper Input Validation in firefly-iii/firefly-iii
2023-04-01 00:00:00
nvd
nvd
CVE-2023-1789
2023-04-01 02:15:07
github
github
Firefly III vulnerable to improper input validation
2023-04-01 03:30:16
prion
prion
Input validation
2023-04-01 02:15:00