Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-pcxq-28f6-m3fm

Опубликовано: 24 мая 2022
Источник: github
Github: Прошло ревью
CVSS3: 5.4

Описание

Firefly III vulnerable to image-based stored XSS

Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attachment viewing.

Ссылки

Пакеты

Наименование

grumpydictator/firefly-iii

composer
Затронутые версииВерсия исправления

< 4.7.17.3

4.7.17.3

EPSS

Процентиль: 43%
0.00206
Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2019-13647

Дефекты

CWE-79

Связанные уязвимости

nvd логотип

CVE-2019-13647

CVSS3: 5.4
nvd
больше 6 лет назад

Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attachment viewing. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability

EPSS

Процентиль: 43%
0.00206
Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2019-13647

Дефекты

CWE-79