fava
by beancount
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-2589 | 0.00 | — | 0.00 | Aug 1, 2022 | Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3. | |||
| CVE-2022-2523 | 0.00 | — | 0.00 | Jul 25, 2022 | Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2. | |||
| CVE-2022-2514 | 0.00 | — | 0.00 | Jul 25, 2022 | The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim. |
- CVE-2022-2589Aug 1, 2022risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3.
- CVE-2022-2523Jul 25, 2022risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2.
- CVE-2022-2514Jul 25, 2022risk 0.00cvss —epss 0.00
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.