Lucene search
K

58 matches found

Debian CVE
Debian CVE
added 2022/08/01 2:12 p.m.31 views

CVE-2022-2589

Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.3...

6.9CVSS6.1AI score0.00605EPSS
Exploits1
OSV
OSV
added 2022/08/01 2:12 p.m.16 views

CVE-2022-2589 Cross-site Scripting (XSS) - Reflected in beancount/fava

Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.3...

6.9CVSS6.8AI score0.00605EPSS
Exploits1References4
CVE
CVE
added 2022/08/01 2:12 p.m.103 views

CVE-2022-2589

CVE-2022-2589 affects the Beancount/Fava project: a reflected Cross-site Scripting (XSS) vulnerability due to improper validation on filter conversion in Fava before version 1.22.3. Affected component: Fava web UI logic (filter handling). Impact: potential credential or data exposure via crafted ...

6.9CVSS6AI score0.00605EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/08/01 12:0 a.m.5 views

fava 跨站脚本漏洞

fava is the web interface for Beancount, a double-entry bookkeeping software open source by Beancount. A cross-site scripting vulnerability exists in fava, which stems from a cross-site scripting vulnerability in fava before 1.22.3...

6.9CVSS6.2AI score0.00605EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/08/01 12:0 a.m.2 views

PT-2022-17587 · Fava +1 · Fava +1

Name of the Vulnerable Software and Affected Versions: Fava versions prior to 1.22.3 Description: The issue is related to Cross-site Scripting XSS - Reflected, which occurs due to improper validation on filter conversion. This allows for malicious scripts to be injected into the website,...

6.9CVSS5.9AI score0.00605EPSS
Exploits1References16
Huntr
Huntr
added 2022/07/28 11:29 p.m.21 views

Reflected XSS on conversion filter function

Description Fava v1.22 have a conversion filter function on income statement dashboard which allow user to perform XSS due to improper validation on filter conversion. Proof of Concept 1 Navigate to Fava demo instance https://fava.pythonanywhere.com/example-beancount-file/incomestatement/. 2 Filt...

5.8CVSS0.6AI score0.00605EPSS
Exploits1
OSV
OSV
added 2022/07/26 12:1 a.m.16 views

GHSA-Q8HG-3VQV-F8V3 Fava vulnerable to Reflected Cross-site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2. The querystring parameter of Fava is vulnerable to reflected cross-site scripting, for which a attacker can modify any information that the user is able to modify. This issue is fixed in version 1.22.2...

6.1CVSS5.7AI score0.00698EPSS
Exploits1References6
OSV
OSV
added 2022/07/26 12:1 a.m.23 views

GHSA-XRF4-39FM-J5F2 Fava time and filter parameters vulnerable to reflected Cross-site Scripting

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected cross-site scripting due to the lack of escaping of error messages which contained the parameters in verbatim...

6.1CVSS5.8AI score0.00698EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2022/07/26 12:1 a.m.16 views

Fava vulnerable to Reflected Cross-site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2. The querystring parameter of Fava is vulnerable to reflected cross-site scripting, for which a attacker can modify any information that the user is able to modify. This issue is fixed in version 1.22.2...

8CVSS5.8AI score0.00698EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/26 12:1 a.m.26 views

Fava time and filter parameters vulnerable to reflected Cross-site Scripting

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected cross-site scripting due to the lack of escaping of error messages which contained the parameters in verbatim...

8CVSS6.1AI score0.00698EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2022/07/25 2:15 p.m.2 views

DEBIAN-CVE-2022-2523

Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2...

6.1CVSS6.9AI score0.00698EPSS
Exploits1References1
NVD
NVD
added 2022/07/25 2:15 p.m.12 views

CVE-2022-2514

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...

8CVSS0.00698EPSS
Exploits1References2
OSV
OSV
added 2022/07/25 2:15 p.m.6 views

PYSEC-2022-43182

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...

6.1CVSS6.9AI score0.00698EPSS
Exploits1References2
NVD
NVD
added 2022/07/25 2:15 p.m.13 views

CVE-2022-2523

Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2...

8CVSS0.00698EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/07/25 2:15 p.m.2 views

CVE-2022-2523

Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2...

8CVSS6.8AI score0.00698EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/07/25 2:15 p.m.20 views

CVE-2022-2514

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...

8CVSS6.8AI score0.00698EPSS
Exploits1References3
OSV
OSV
added 2022/07/25 2:15 p.m.4 views

DEBIAN-CVE-2022-2514

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...

6.1CVSS6.7AI score0.00698EPSS
Exploits1References1
PyPA
PyPA
added 2022/07/25 2:15 p.m.10 views

PYSEC-2022-43182

Withdrawn as duplicate of PYSEC-2022-239. The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...

8CVSS6.8AI score0.00698EPSS
Exploits1References2
Prion
Prion
added 2022/07/25 2:15 p.m.5 views

Cross site scripting

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...

5.8CVSS5.9AI score0.00698EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/07/25 2:15 p.m.20 views

PYSEC-2022-239

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...

8CVSS3.7AI score0.00698EPSS
Exploits1References3
Rows per page
Query Builder