Description
The current version of Firefly III (version 4.7.17.3) is vulnerable to stored XSS due to a lack of filtering of user-supplied data in the transaction description field. A malicious attacker can create a specially crafted request containing JavaScript code. The malicious JavaScript code will be executed when a user visits the links below.
Steps to reproduce
Add two new transactions with the descriptions "<script>alert("XSS in transaction description");</script>" and "<script>alert("XSS in transaction description 2");</script>"
Link them together.
Visit
/transactions/link/delete/[id of your link]
You can navigate there from the transaction menu.
See four alerts (two from the first transaction's description payload, two from the second). [POC image]
Extra info
Tested on Mozilla 60.4.0esr (64-bit)
JC5 added the labels bug (verified and replicated bugs and issues) and fixed (bugs that are fixed in a coming release) on Aug 2, 2019.