CVE-2024-22075: Firefly III allows webhooks HTML Injection.
Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.
References
- github.com/advisories/GHSA-vwv2-9wcj-64vx
- github.com/firefly-iii/firefly-iii
- github.com/firefly-iii/firefly-iii/commit/28021aa711500bbada649de8fab9e72b4084ab21
- github.com/firefly-iii/firefly-iii/releases/tag/v6.1.1
- nvd.nist.gov/vuln/detail/CVE-2024-22075
- www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire