Описание
Firefly III allows webhooks HTML Injection.
Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-22075
- https://github.com/firefly-iii/firefly-iii/commit/28021aa711500bbada649de8fab9e72b4084ab21
- https://github.com/firefly-iii/firefly-iii/releases/tag/v6.1.1
- https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire
Пакеты
Наименование
grumpydictator/firefly-iii
composer
Затронутые версииВерсия исправления
< 6.1.1
6.1.1
Связанные уязвимости
CVSS3: 6.1
nvd
около 2 лет назад
Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.