firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
CSRF
Firefly Iii
NVD
GitHub
CVSS 3.1
4.3
EPSS
0.4%