Stored XSS in budget name #2335
Steps to reproduce
I have pushed 126.96.36.199, which should fix the bug and a similar one in category names. The Docker builds are running now. In my haste, I completely forgot to credit you, which I will do in my release post and on Reddit, after you confirm the issue is gone.
I've reopened the issue as GitHub has automatically closed it.
I checked commit 45ddb64 and see only changes to versions in some files and changed titles in others.
But anyway, I got the source code from https://github.com/firefly-iii/firefly-iii/releases/tag/188.8.131.52 and installed it for checking.
The vulnerability still exists.
I uploaded the video to Dropbox: https://www.dropbox.com/s/gdr87bh4pat5ly5/xss_2.mov?dl=0