📦 Firefly Iii

by Firefly Iii

🔍 What is Firefly Iii?

Description coming soon...

🛡️ Security Overview

Click on a severity to filter vulnerabilities

⚠️ Known Vulnerabilities

CVE-2023-1788

CRITICAL CVSS 9.8 Apr 5, 2023

CVE-2023-1788 is an insufficient session expiration vulnerability in Firefly III personal finance software that allows attackers to maintain access to user sessions indefinitely after logout. This aff...

CVE-2023-1789

CRITICAL CVSS 9.8 Apr 1, 2023

CVE-2023-1789 is an improper input validation vulnerability in Firefly III personal finance software that allows attackers to execute arbitrary code on affected systems. This affects all users running...

CVE-2021-3901

HIGH CVSS 8.8 Oct 27, 2021

CVE-2021-3901 is a Cross-Site Request Forgery (CSRF) vulnerability in Firefly III personal finance software that allows attackers to trick authenticated users into performing unintended actions. This ...

CVE-2021-3846

HIGH CVSS 8.8 Oct 19, 2021

CVE-2021-3846 is an unrestricted file upload vulnerability in Firefly III personal finance software that allows attackers to upload dangerous file types. This could lead to remote code execution or se...

CVE-2021-3819

HIGH CVSS 8.8 Sep 27, 2021

CVE-2021-3819 is a Cross-Site Request Forgery (CSRF) vulnerability in firefly-iii personal finance software. It allows attackers to trick authenticated users into performing unintended actions like mo...

CVE-2021-3663

HIGH CVSS 7.5 Jul 25, 2021

CVE-2021-3663 is an authentication rate limiting vulnerability in Firefly III personal finance software that allows attackers to perform unlimited login attempts without lockout mechanisms. This enabl...