๐ CVE-2020-27981
๐ก Newskategorie: Sicherheitslรผcken
๐ Quelle: web.nvd.nist.gov
An XSS vulnerability in the auto-complete function of the description field (for new or edited transactions) in Firefly III before 5.4.5 allows the user to execute JavaScript via suggested transaction titles. NOTE: this is exploitable only in a non-default configuration where Content Security Policy headers are disabled. ...