Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
Valid
Reported on Nov 23rd 2021
Description
CSRF in switching transactions link
Proof of Concept
<a href="http://10.0.2.15/transactions/link/switch/{id}">CLICK ME!</a>
Impact
This vulnerability is capable of tricking users into switching transaction links.
We are processing your report and will contact the firefly-iii team within 24 hours.
a year ago
haxatron modified the report
a year ago
haxatron modified the report
a year ago
We have contacted a member of the firefly-iii team and are waiting to hear back
a year ago
web.php#L1080L1081 has been validated
LinkController.php#L160L166 has been validated
show.js#L1L99 has been validated
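The PoC works because the switch action runs on a plain GET, which any cross-site link can trigger in a logged-in user's browser. The following added example (not code from the report or from Firefly III) models that route beside a POST-only variant that checks a per-session token; the handler names, the in-memory link, the `_token` field and the POST path are assumptions for illustration.

```javascript
// Added example: a model of the route behaviour, not Firefly III's code.
const crypto = require('node:crypto');

function makeApp() {
  // Constructed state: one transaction link and one logged-in session.
  const links = { 7: { source: 'A', destination: 'B' } };
  const session = { csrfToken: crypto.randomBytes(32).toString('hex') };

  function switchLink(id) {
    const link = links[id];
    if (!link) return 404;
    [link.source, link.destination] = [link.destination, link.source];
    return 200;
  }

  // Before: state changes on GET, so a cross-site <a href> is enough.
  function vulnerable(req) {
    const m = /^\/transactions\/link\/switch\/(\d+)$/.exec(req.path);
    if (req.method === 'GET' && m) return switchLink(m[1]);
    return 404;
  }

  // After (assumed shape): POST only, body must carry the session token.
  function hardened(req) {
    if (req.path !== '/transactions/link/switch') return 404;
    if (req.method !== 'POST') return 405;
    const body = req.body || {};
    const sent = Buffer.from(String(body._token || ''));
    const want = Buffer.from(session.csrfToken);
    // Length check first: timingSafeEqual throws on unequal lengths.
    if (sent.length !== want.length || !crypto.timingSafeEqual(sent, want)) {
      return 419; // status Laravel returns on a CSRF token mismatch
    }
    return switchLink(body.id);
  }

  return { links, session, vulnerable, hardened };
}
```

A link like the one in the PoC can only issue a GET and cannot read the session's token, so the hardened handler rejects it before any state changes.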