Skip to main content

Firefly Iii

26 CVEs product

Monthly

CVE-2024-22075 PHP MEDIUM PATCH This Month

Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Firefly Iii
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-1788 PHP CRITICAL PATCH Act Now

Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Firefly Iii
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-1789 PHP CRITICAL PATCH Act Now

Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Firefly Iii
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-0298 PHP MEDIUM POC PATCH This Month

Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Firefly Iii
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-4005 PHP MEDIUM POC PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Firefly Iii
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-4015 PHP MEDIUM POC PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Firefly Iii
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-3921 PHP MEDIUM POC PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Firefly Iii
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-3901 PHP HIGH POC PATCH This Week

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Firefly Iii
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-3900 PHP MEDIUM POC PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Firefly Iii
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-3851 PHP MEDIUM POC PATCH This Month

firefly-iii is vulnerable to URL Redirection to Untrusted Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Open Redirect Firefly Iii
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-3846 PHP HIGH POC PATCH This Week

firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Firefly Iii
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-3819 PHP HIGH POC PATCH This Week

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Firefly Iii
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-3730 PHP MEDIUM PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Firefly Iii
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-3729 PHP MEDIUM PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Firefly Iii
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-3728 PHP MEDIUM POC PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Firefly Iii
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-3663 PHP HIGH POC PATCH This Week

firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Firefly Iii
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-14672 MEDIUM POC PATCH This Month

Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-14671 PHP LOW POC PATCH Monitor

Firefly III 4.7.17.3 is vulnerable to local file enumeration. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Firefly Iii
NVD GitHub
CVSS 3.0
3.3
EPSS
0.5%
CVE-2019-14670 MEDIUM POC PATCH This Month

Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-14669 MEDIUM POC PATCH This Month

Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-14668 MEDIUM POC PATCH This Month

Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-14667 MEDIUM POC PATCH This Month

Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-13647 PHP MEDIUM POC PATCH This Month

Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-13646 PHP MEDIUM POC PATCH This Month

Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-13645 PHP MEDIUM POC PATCH This Month

Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-13644 PHP MEDIUM POC PATCH This Month

Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Firefly Iii
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Firefly Iii
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Firefly Iii
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Firefly Iii
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Firefly Iii
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Firefly Iii
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Firefly Iii
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Firefly Iii
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Firefly Iii
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

firefly-iii is vulnerable to URL Redirection to Untrusted Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Open Redirect Firefly Iii
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Firefly Iii
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Firefly Iii
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Firefly Iii
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Firefly Iii
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Firefly Iii
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Firefly Iii
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
EPSS 0% CVSS 3.3
LOW POC PATCH Monitor

Firefly III 4.7.17.3 is vulnerable to local file enumeration. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Firefly Iii
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy