GHSA-mrc2-h7q2-pp97

Опубликовано: 24 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 5.4

Описание

Firefly III vulnerable to reflected cross-site scripting

Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query.

Ссылки

Пакеты

Наименование

grumpydictator/firefly-iii

composer

Затронутые версииВерсия исправления

< 4.7.17.3

4.7.17.3

EPSS

Процентиль: 51%

0.00281

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2019-13646

Дефекты

CWE-79

Связанные уязвимости

CVE-2019-13646

CVSS3: 5.4

nvd

больше 6 лет назад

Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability

EPSS

Процентиль: 51%

0.00281

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2019-13646

Дефекты

CWE-79