Search Results | AttackerKB

Show filters

Topics 33 Users 9,714

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

33 Total Results

Displaying 11-20 of 33

Attacker Value

Unknown

CVE-2021-3846

Disclosure Date: October 19, 2021 (last updated February 23, 2025)

firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type

Attack Vector: Network Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2021-3851

Disclosure Date: October 19, 2021 (last updated February 23, 2025)

firefly-iii is vulnerable to URL Redirection to Untrusted Site

Attack Vector: Network Privileges: Low User Interaction: Required

0

Attacker Value

Unknown

CVE-2021-3819

Disclosure Date: September 27, 2021 (last updated February 23, 2025)

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2021-3728

Disclosure Date: August 23, 2021 (last updated February 23, 2025)

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2021-3729

Disclosure Date: August 23, 2021 (last updated February 23, 2025)

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2021-3730

Disclosure Date: August 23, 2021 (last updated February 23, 2025)

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2021-3663

Disclosure Date: July 25, 2021 (last updated February 23, 2025)

firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2014-5138

Disclosure Date: January 14, 2020 (last updated February 21, 2025)

Innovative Interfaces Sierra Library Services Platform 1.2_3 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submodule.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2019-14669

Disclosure Date: August 05, 2019 (last updated November 27, 2024)

Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page.

0

Attacker Value

Unknown

CVE-2019-14672

Disclosure Date: August 05, 2019 (last updated November 27, 2024)

Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. The JavaScript code is executed upon an error condition during a visit to the account show page.

0