grumpydictator/firefly-iii Security Advisories for v6.1.2 (3)
-
[MEDIUM] Firefly II has Stored XSS in Audit Log Entry view via piggy bank name (ale.twig)
PKSA-197r-m2ry-57db GHSA-6jq6-x4cx-qvcm
Affected version: <=6.6.2
Reported by:
GitHub -
[MEDIUM] Firefly III has a MFA bypass in oauth flow
PKSA-t1gb-cctm-7jjf CVE-2024-37893 GHSA-4gm4-c4mh-4p7w
Affected version: <6.1.17
Reported by:
GitHub -
[MEDIUM] C5 Firefly III CSV Injection.
PKSA-6dm2-zbyx-rmxw GHSA-29w6-c52g-m8jc
Affected version: <6.1.7
Reported by:
GitHub