HTML injection leads to Open Redirect in firefly-iii/firefly-iii

Valid

Reported on

Feb 15th 2023


Description

Hello, I have located an HTML injection in the symbol field:

Steps:
1 - Log in as administrator
2 - Go to Options
3 - Go to Currencies
4 - Insert the HTML code in the symbol field. By inserting the following payload I was able to redirect the user to a malicious site: <A HREF="http://evil.com">CLICK ME</A>

Proof of Concept

[Proof-of-concept GIF]

Impact

As shown in the GIF above, changing the symbol interferes with much of the site structure, where it can redirect the user to a malicious site.
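As an added illustration (not Firefly III's own code), the pattern behind a finding like this in PHP: the currency symbol is a stored, admin-controlled string, and the difference between an exploitable page and a safe one is whether that string is HTML-escaped at the point where it is written into the page (in Blade terms, `{!! $symbol !!}` versus `{{ $symbol }}`). Function and variable names here are assumptions for the example.

```php
<?php
// Added example, not Firefly III code. The symbol is stored exactly as the admin entered it.
$storedSymbol = '<A HREF="http://evil.com">CLICK ME</A>'; // payload quoted in the report

// Vulnerable pattern: the raw string is concatenated into markup, so any tags
// it contains become live DOM nodes (equivalent to Blade's {!! $symbol !!}).
function renderAmountUnsafe(string $symbol, string $amount): string
{
    return "<span class=\"amount\">{$symbol} {$amount}</span>";
}

// Hardened pattern: entity-encode at the output boundary, which is what
// Blade's {{ $symbol }} does by default. The anchor becomes literal text.
function renderAmountSafe(string $symbol, string $amount): string
{
    $escaped = htmlspecialchars($symbol, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<span class=\"amount\">{$escaped} {$amount}</span>";
}

// Defence in depth: a currency symbol is a short glyph string and should never
// contain markup characters, so reject them at input validation as well.
function isPlausibleSymbol(string $symbol): bool
{
    return mb_strlen($symbol, 'UTF-8') <= 12
        && preg_match('/[<>"\'&]/u', $symbol) === 0;
}

echo renderAmountUnsafe($storedSymbol, '12.50'), PHP_EOL; // live link in the page
echo renderAmountSafe($storedSymbol, '12.50'), PHP_EOL;   // inert, entity-encoded text
var_dump(isPlausibleSymbol($storedSymbol));              // rejected at input
var_dump(isPlausibleSymbol('€'));                        // accepted
```

Escaping on output is the fix that closes the issue; the input check only narrows what reaches storage and must not be relied on alone, since symbols already stored before the check was added are still rendered.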

We are processing your report and will contact the firefly-iii team within 24 hours. 3 months ago
We have contacted a member of the firefly-iii team and are waiting to hear back 3 months ago
James Cole modified the Severity from Medium (5.2) to Medium (5.2) 3 months ago
James Cole validated this vulnerability 3 months ago

Nice

Dan Barros has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
James Cole marked this as fixed in 6.0.0 with commit 6b05c0 3 months ago
James Cole has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Apr 1st 2023
James Cole published this vulnerability a month ago