Stored XSS vulnerability in Firefly III 4.7.17.5 via unfiltered user input in liability name field


CVE-2019-14672 · LOW Severity

CVSS v2 vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Firefly III 4.7.17.5 is vulnerable to stored XSS because user-supplied data in the liability name field is not filtered. The JavaScript code is executed when an error condition occurs during a visit to the account show page.
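The failure mode described above, a stored value that reaches HTML unencoded only on an error path, shown beside its hardened form. This is an added example, not Firefly III source code: the renderer, the error condition (an account with no transactions), the assumption that the normal view is encoded, and the sample record are all hypothetical.

```javascript
// Added illustration: hypothetical renderer, not Firefly III source code.

// Encode the characters that are significant in HTML text and attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Assumed error condition: the account has no transactions to display.
function loadTransactions(account) {
  if (account.transactions.length === 0) {
    throw new Error("Could not render account " + account.name);
  }
  return account.transactions;
}

// Weak form: the normal view is encoded, the error view is not.
function showAccountWeak(account) {
  try {
    const rows = loadTransactions(account);
    return "<h1>" + escapeHtml(account.name) + "</h1><p>" + rows.length + " rows</p>";
  } catch (err) {
    return '<div class="alert">' + err.message + "</div>"; // stored name reaches HTML raw
  }
}

// Hardened form: every sink, including the error view, encodes on output.
function showAccountHardened(account) {
  try {
    const rows = loadTransactions(account);
    return "<h1>" + escapeHtml(account.name) + "</h1><p>" + rows.length + " rows</p>";
  } catch (err) {
    return '<div class="alert">' + escapeHtml(err.message) + "</div>";
  }
}

// Constructed sample record: a liability whose stored name contains markup.
const storedName = "<script>alert(1)</script>";
const withRows = { name: storedName, transactions: [{ amount: -10 }] };
const empty = { name: storedName, transactions: [] };

// True when the stored name appears in the response without encoding.
const reflectsRaw = (html) => html.includes(storedName);

console.log("weak, normal view:", reflectsRaw(showAccountWeak(withRows)));
console.log("weak, error view:", reflectsRaw(showAccountWeak(empty)));
console.log("hardened, error view:", reflectsRaw(showAccountHardened(empty)));
```

A regression test for this class of bug has to drive the page into its error state, because a check of the normal view alone passes for both forms.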
