{"id":"CVE-2019-14670","details":"Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is executed during rule-from-bill creation.","modified":"2026-04-10T04:14:52.595555Z","published":"2019-08-05T20:15:12.127Z","references":[{"type":"FIX","url":"https://github.com/firefly-iii/firefly-iii/commit/692b256f3f6d9eab992a72eb042844220b314054"},{"type":"EVIDENCE","url":"https://github.com/firefly-iii/firefly-iii/issues/2365"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/firefly-iii/firefly-iii","events":[{"introduced":"0"},{"last_affected":"7d482aa24cf20ce099400618f4089e641da3b930"},{"fixed":"692b256f3f6d9eab992a72eb042844220b314054"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.7.17.3"}]}}],"versions":["3.0.0","3.0.1","3.0.2","3.1","3.1.1","3.1.3","3.1.4","3.1.5","3.10","3.10.1","3.10.2","3.10.3","3.10.4","3.2.5","3.3","3.3.1","3.3.2","3.3.3","3.3.4","3.3.5","3.4.10","3.4.11","3.4.6.1","3.4.7","3.4.8","3.4.9","3.5.0","3.5.1","3.5.2","3.5.3","3.5.4","3.5.5","3.5.6","3.5.6.1","3.6.0","3.6.1","3.7.0","3.7.1","3.7.2","3.7.2.1","3.7.2.2","3.7.2.3","3.8.0","3.8.1","3.8.2","3.8.3","3.8.4","3.9.0","3.9.1","4.0.0","4.0.1","4.0.2","4.1.0","4.1.1","4.1.2","4.1.3","4.1.4","4.1.5","4.1.6","4.1.7","4.2.0","4.2.1","4.2.2","4.3.0","4.3.1","4.3.2","4.3.3","4.3.4","4.3.5","4.3.6","4.3.7","4.3.8","4.4.0","4.4.1","4.4.2","4.4.3","4.5.0","4.6.0","4.6.1","4.6.10","4.6.11","4.6.11.1","4.6.12","4.6.13","4.6.2","4.6.3","4.6.3.1","4.6.4","4.6.5","4.6.6","4.6.7","4.6.8","4.6.9","4.7.0","4.7.1","4.7.1.1","4.7.1.2","4.7.1.3","4.7.1.4","4.7.10","4.7.11","4.7.12","4.7.12.1","4.7.13","4.7.14","4.7.15","4.7.16","4.7.17","4.7.17.1","4.7.17.2","4.7.17.3","4.7.2","4.7.2.1","4.7.2.2","4.7.3","4.7.3.1","4.7.3.2","4.7.4","4.7.5","4.7.5.1","4.7.5.2","4.7.5.3","4.7.6","4.7.6.1","4.7.6.2","4.7.7","4.7.8","4.7.9","account-repos","chart-fix"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14670.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}