58 matches found
CVE-2022-2589
Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.3...
CVE-2022-2589 Cross-site Scripting (XSS) - Reflected in beancount/fava
Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.3...
CVE-2022-2589
CVE-2022-2589 affects the Beancount/Fava project: a reflected Cross-site Scripting (XSS) vulnerability due to improper validation on filter conversion in Fava before version 1.22.3. Affected component: Fava web UI logic (filter handling). Impact: potential credential or data exposure via crafted ...
fava 跨站脚本漏洞
fava is the web interface for Beancount, a double-entry bookkeeping software open source by Beancount. A cross-site scripting vulnerability exists in fava, which stems from a cross-site scripting vulnerability in fava before 1.22.3...
PT-2022-17587 · Fava +1 · Fava +1
Name of the Vulnerable Software and Affected Versions: Fava versions prior to 1.22.3 Description: The issue is related to Cross-site Scripting XSS - Reflected, which occurs due to improper validation on filter conversion. This allows for malicious scripts to be injected into the website,...
Reflected XSS on conversion filter function
Description Fava v1.22 have a conversion filter function on income statement dashboard which allow user to perform XSS due to improper validation on filter conversion. Proof of Concept 1 Navigate to Fava demo instance https://fava.pythonanywhere.com/example-beancount-file/incomestatement/. 2 Filt...
GHSA-Q8HG-3VQV-F8V3 Fava vulnerable to Reflected Cross-site Scripting
Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2. The querystring parameter of Fava is vulnerable to reflected cross-site scripting, for which a attacker can modify any information that the user is able to modify. This issue is fixed in version 1.22.2...
GHSA-XRF4-39FM-J5F2 Fava time and filter parameters vulnerable to reflected Cross-site Scripting
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected cross-site scripting due to the lack of escaping of error messages which contained the parameters in verbatim...
Fava vulnerable to Reflected Cross-site Scripting
Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2. The querystring parameter of Fava is vulnerable to reflected cross-site scripting, for which a attacker can modify any information that the user is able to modify. This issue is fixed in version 1.22.2...
Fava time and filter parameters vulnerable to reflected Cross-site Scripting
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected cross-site scripting due to the lack of escaping of error messages which contained the parameters in verbatim...
DEBIAN-CVE-2022-2523
Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2...
CVE-2022-2514
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...
PYSEC-2022-43182
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...
CVE-2022-2523
Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2...
CVE-2022-2523
Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2...
CVE-2022-2514
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...
DEBIAN-CVE-2022-2514
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...
PYSEC-2022-43182
Withdrawn as duplicate of PYSEC-2022-239. The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...
Cross site scripting
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...
PYSEC-2022-239
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...