Bug description
The current version of Firefly III, version 4.7.17.5, is vulnerable to stored XSS due to a lack of filtering of user-supplied data in the liability name field. A malicious attacker can create a specially crafted request which contains JavaScript code. The malicious JavaScript code will be executed when a user visits the link below.
Steps to reproduce
Set up a new liability account with the name "<script>alert("XSS in liability error")</script>", also set "Start amount of debt" to 1, "start date of debt" to any date, and "interest" to 1. Save it.
Go to /accounts/show/[id_of_your_liability]/all. You will see a transaction with "to" and "from" fields. Grab the id of the account from the link in the "to" field. It is often id_of_your_liability + 1.
Go to /accounts/delete/[id_of_your_liability] and delete the liability.
Now every time you visit /accounts/show/[id you grabbed before from the "to" field], the XSS will execute.
Extra info
Tested on Mozilla 60.4.0esr (64-bit)
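As an added illustration (not Firefly III's own code), a simplified Python model of the data flow this report describes: the liability name is copied into the opening-balance transaction, survives deletion of the liability, and is rendered on the counterparty account's page; the unsafe renderer emits it raw, the hardened one HTML-escapes every user-controlled value at output time. Account ids, names, and the "name snapshot stored in the transaction row" behaviour are assumptions made for the model.

```python
import html
from typing import Callable

# Constructed sample data for the model (not Firefly III's schema).
# The payload string is the one quoted in the report above.
PAYLOAD = '<script>alert("XSS in liability error")</script>'

accounts = {
    1: {"name": PAYLOAD, "type": "liability"},          # the liability from step 1
    2: {"name": "Initial balance account", "type": "initial-balance"},  # the "to" account
}

# Assumption: saving a liability with a start amount creates a transaction that
# carries a snapshot of the counterparty's display name.
transactions = [{"from_name": accounts[1]["name"], "to_id": 2, "amount": 1}]


def delete_account(account_id: int) -> None:
    """Delete the account record only; the transaction row (and the copied name) survives."""
    accounts.pop(account_id, None)


def _render_rows(account_id: int, encode: Callable[[str], str]) -> str:
    """Build the transaction table for an account's show page using the given encoder."""
    own_name = encode(accounts[account_id]["name"])
    rows = [
        f"<tr><td>{encode(t['from_name'])}</td><td>{own_name}</td></tr>"
        for t in transactions
        if t["to_id"] == account_id
    ]
    return "<table>" + "".join(rows) + "</table>"


def render_show_page_unsafe(account_id: int) -> str:
    """Vulnerable form: stored names are concatenated into HTML without encoding."""
    return _render_rows(account_id, lambda s: s)


def render_show_page_safe(account_id: int) -> str:
    """Hardened form: html.escape() neutralises <, >, &, and quotes at output time."""
    return _render_rows(account_id, html.escape)


def contains_raw_script(rendered: str) -> bool:
    """Detection check a test suite can run over rendered pages."""
    return "<script" in rendered.lower()
```

Escaping at output is what protects the page here: input filtering on the liability form alone would not help once the name has already been stored and the originating account is gone.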