Stored XSS vulnerability in Firefly III 4.7.17.3 via unfiltered user input in bill name field

CVE-2019-14670 · LOW Severity

CVSS v2 vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Firefly III 4.7.17.3 is vulnerable to stored XSS because user-supplied data in the bill name field is not filtered. The injected JavaScript code is executed during rule-from-bill creation.
