CVE-2020-27981

CVE-2020-27981

An XSS vulnerability in the auto-complete function of the description field (for new or edited transactions) in Firefly III before 5.4.5 allows the user to execute JavaScript via suggested transaction titles. NOTE: this is exploitable only in a non-default configuration where Content Security Policy headers are disabled.

Source: CVE-2020-27981

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다