Search Results | AttackerKB

Show filters

Topics 27 Users 9,712

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

27 Total Results

Displaying 11-20 of 27

Attacker Value

Unknown

CVE-2021-3846

Disclosure Date: October 19, 2021 (last updated February 23, 2025)

firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type

Attack Vector: Network Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2021-3851

Disclosure Date: October 19, 2021 (last updated February 23, 2025)

firefly-iii is vulnerable to URL Redirection to Untrusted Site

Attack Vector: Network Privileges: Low User Interaction: Required

0

Attacker Value

Unknown

CVE-2021-3819

Disclosure Date: September 27, 2021 (last updated February 23, 2025)

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2021-3728

Disclosure Date: August 23, 2021 (last updated February 23, 2025)

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2021-3729

Disclosure Date: August 23, 2021 (last updated February 23, 2025)

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2021-3730

Disclosure Date: August 23, 2021 (last updated February 23, 2025)

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2021-3663

Disclosure Date: July 25, 2021 (last updated February 23, 2025)

firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2019-14669

Disclosure Date: August 05, 2019 (last updated November 27, 2024)

Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page.

0

Attacker Value

Unknown

CVE-2019-14672

Disclosure Date: August 05, 2019 (last updated November 27, 2024)

Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. The JavaScript code is executed upon an error condition during a visit to the account show page.

0

Attacker Value

Unknown

CVE-2019-14667

Disclosure Date: August 05, 2019 (last updated November 27, 2024)

Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action.

0