grumpydictator/firefly-iii Security Advisories for v6.1.14 (2)
- [MEDIUM] Firefly III has Stored XSS in Audit Log Entry view via piggy bank name (ale.twig)
  PKSA-197r-m2ry-57db GHSA-6jq6-x4cx-qvcm
  Affected version: <=6.6.2
  Reported by: GitHub
- [MEDIUM] Firefly III has a MFA bypass in oauth flow
  PKSA-t1gb-cctm-7jjf CVE-2024-37893 GHSA-4gm4-c4mh-4p7w
  Affected version: <6.1.17
  Reported by: GitHub