Description
The current version of Firefly III (version 4.7.17.2) is vulnerable to stored XSS due to a lack of filtering of user-supplied data in file names. A malicious attacker can upload a specially crafted image that contains JavaScript code in its name. The malicious JavaScript code will be executed when a user edits this attachment (http://firefly.host/attachments/edit/$file_id$).
However, such a file can be created only on Linux, or you can edit the field name in a local proxy (e.g. Burp Suite).
If you want to edit the request, you should change this part of the request, mainly the filename part.
Request
Steps to reproduce
PoC image

Image for testing
xss_file_name_file.zip
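
The class of bug reported above, shown as an added example that is not Firefly III's own code: the same stored file name rendered without and with context-aware output encoding, plus a normalisation step at upload time. The function names, the `<input>` markup and the sample name are assumptions made for illustration; the page does not show how the edit view actually renders the name.

```php
<?php
declare(strict_types=1);

// Constructed sample: a client-supplied upload name that carries markup.
// Such a name is a legal file name on Linux, and a proxy can set it in the
// multipart "filename" parameter, so the server must treat it as untrusted.
const SAMPLE_NAME = 'receipt"><img src=x onerror=alert(1)>.png';

// Vulnerable pattern (hypothetical helper): the stored name is concatenated
// into the edit form as-is, so it can close the attribute and add elements.
function renderEditFieldUnsafe(string $storedName): string
{
    return '<input type="text" name="title" value="' . $storedName . '">';
}

// Hardened output (hypothetical helper): encode for the HTML attribute
// context every time the name is rendered, whatever was stored.
function renderEditFieldSafe(string $storedName): string
{
    $encoded = htmlspecialchars(
        $storedName,
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8'
    );
    return '<input type="text" name="title" value="' . $encoded . '">';
}

// Defence in depth at upload time (hypothetical helper): keep the base name
// only, then drop control characters and characters meaningful in HTML.
// This complements output encoding; it does not replace it.
function normaliseUploadName(string $clientName): string
{
    $name = basename(str_replace('\\', '/', $clientName));
    // preg_replace returns null on invalid UTF-8; fall back to an empty name.
    $name = preg_replace('/[\x00-\x1F\x7F<>"\'&`]/u', '', $name) ?? '';
    $name = trim($name);
    return $name === '' ? 'unnamed-attachment' : $name;
}

// Print the three results so the difference is visible side by side.
echo renderEditFieldUnsafe(SAMPLE_NAME), PHP_EOL;
echo renderEditFieldSafe(SAMPLE_NAME), PHP_EOL;
echo normaliseUploadName(SAMPLE_NAME), PHP_EOL;
```

In a Twig template the equivalent of `renderEditFieldSafe` is leaving autoescaping on and not marking the file name with the `raw` filter.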