grumpydictator/firefly-iii · IA Squad

Skip to content

php · grumpydictator/firefly-iiiHeads-up

Firefly III Stored XSS in Piggy Bank Names via Audit Logs

Stored XSS vulnerability: piggy bank names are rendered unsanitized in audit log views, allowing arbitrary JavaScript execution.

13 Jun 2026 · schedule it