mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 01:04:30 +00:00
919 B
919 B
CVE-2019-13644
Description
** DISPUTED ** Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/tag_number tag summary page. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability.
POC
Reference
- https://github.com/firefly-iii/firefly-iii/issues/2335
- https://github.com/firefly-iii/firefly-iii/issues/2335
Github
No PoCs found on GitHub currently.