pkg:Packagist/grumpydictator/firefly-iii

All known vulnerabilities

• HIGH8.8CVE-2021-3846Unrestricted File Upload vulnerability in Firefly III
  from 0, < 5.6.2
• MEDIUM6.5CVE-2024-22075Firefly III allows webhooks HTML Injection.
  from 0, < 6.1.1
• MEDIUM6.5CVE-2023-0298Improper Authorization in grumpydictator/firefly-iii
  from 0, < 5.8.0
• MEDIUM6.5Cross-Site Request Forgery in firefly-iii
  from 0, <= 5.6.2
• MEDIUM6.5firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
  from 0, < 5.6.0
• MEDIUM6.5firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
  from 0, < 5.6.0
• MEDIUM5.9Firefly III has a MFA bypass in oauth flow
  from 0, < 6.1.17
• MEDIUM5.9Firefly III vulnerable to improper input validation
  from 0, < 6.0.0
• MEDIUM5.4Firefly III vulnerable to image-based stored XSS
  from 0, < 4.7.17.3
• MEDIUM5.4Firefly III vulnerable to reflected cross-site scripting
  from 0, < 4.7.17.3
• MEDIUM5.4Firefly III vulnerable to stored XSS
  from 0, < 4.7.17.3
• MEDIUM5.4Firefly III vulnerable to stored XSS
  from 0, < 4.7.17.1
• MEDIUM5.4firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
  from 0, < 5.6.3
• MEDIUM5.3No Restriction of Excessive Authentication Attempts in Firefly III
  from 0, < 5.5.13
• MEDIUM5.0Open Redirect in firefly-iii
  from 0, < 5.6.2
• MEDIUM4.3Cross Site Request Forgery in firefly-iii
  from 0, < 5.6.5
• MEDIUM4.3firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
  from 0, < 5.6.5
• MEDIUM4.3Cross-Site Request Forgery in firefly-iii
  from 0, < 5.6.1
• MEDIUM4.3firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
  from 0, < 5.6.0
• MEDIUM4.2Firefly III insufficiently expires sessions
  from 0, < 6.0.0
• LOW3.5Cross-Site Request Forgery in firefly-iii
  from 0, <= 5.6.2
• LOW3.3Improper Input Validation in Firefly III
  from 0, < 4.7.17.4