Firefly III · Firefly-III · CVE-2019-14671
**Name of the Vulnerable Software and Affected Versions**
Firefly III version 4.7.17.3
**Description**
The issue allows an attacker to enumerate local files because the protocol scheme of a supplied URL is not sanitized, so schemes such as file:/// are accepted. This is related to `fints_url` in import/job/configuration and import/create/fints.
**Recommendations**
For Firefly III version 4.7.17.3, consider restricting access to the `fints_url` parameter in the import/job/configuration and import/create/fints endpoints to minimize the risk of exploitation. Additionally, as a temporary workaround, consider sanitizing the protocol scheme of the supplied URL so that file:/// URLs are rejected, which prevents local file enumeration.
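One way to implement the scheme check recommended above, as an added example that is not Firefly III's own code or its actual fix. The helper name `isAllowedFintsUrl`, the HTTPS-only allowlist and the sample URLs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: FinTS bank endpoints are reached over HTTPS only, so that is the
// single scheme accepted. An allowlist is used instead of blocking "file",
// because a blocklist would miss other local or wrapper schemes.
const ALLOWED_SCHEMES = ['https'];

/**
 * Hypothetical helper (not Firefly III code): true only when $url is an
 * absolute URL with an allowlisted scheme and a host component.
 */
function isAllowedFintsUrl(string $url): bool
{
    $url = trim($url);
    // Reject empty input and embedded whitespace or control characters.
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url) === 1) {
        return false;
    }
    $parts = parse_url($url);
    // parse_url() returns false on malformed input; relative or host-less
    // values (which includes file:/// URLs) lack 'scheme' or 'host'.
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    // Schemes are case-insensitive, so normalise before comparing.
    return in_array(strtolower($parts['scheme']), ALLOWED_SCHEMES, true);
}

// Constructed sample values for the URL parameter, not taken from the advisory.
$samples = [
    'https://bank.example/fints',   // accepted
    'HTTPS://bank.example/fints',   // accepted, scheme case is normalised
    'file:///tmp/example',          // rejected: local file scheme, no host
    'FILE:///tmp/example',          // rejected: same, different case
    'http://bank.example/fints',    // rejected: not on the allowlist
    '//bank.example/fints',         // rejected: no scheme
    '/tmp/example',                 // rejected: plain path
];

foreach ($samples as $sample) {
    printf("%-30s %s%s", $sample, isAllowedFintsUrl($sample) ? 'accept' : 'reject', PHP_EOL);
}
```

The check belongs on the server side, applied before the value is stored or used to open a connection, on both endpoints named in the description.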