Lucene search
+L

58 matches found

debiancve
debiancve
added 2022/08/01 2:12 p.m.33 views

CVE-2022-2589

Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.3...

6.9CVSS6.1AI score0.00605EPSS
Exploits1
cvelist
cvelist
added 2022/08/01 2:12 p.m.18 views

CVE-2022-2589 Cross-site Scripting (XSS) - Reflected in beancount/fava

Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.3...

6.9CVSS6.2AI score0.00605EPSS
Exploits1References2
osv
osv
added 2022/08/01 2:12 p.m.18 views

CVE-2022-2589 Cross-site Scripting (XSS) - Reflected in beancount/fava

Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.3...

6.9CVSS6.8AI score0.00605EPSS
Exploits1References4
cnnvd
cnnvd
added 2022/08/01 12:0 a.m.6 views

fava 跨站脚本漏洞

fava is the web interface for Beancount, a double-entry bookkeeping software open source by Beancount. A cross-site scripting vulnerability exists in fava, which stems from a cross-site scripting vulnerability in fava before 1.22.3...

6.9CVSS6.2AI score0.00605EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2022/08/01 12:0 a.m.3 views

PT-2022-17587 · Fava +1 · Fava +1

Name of the Vulnerable Software and Affected Versions: Fava versions prior to 1.22.3 Description: The issue is related to Cross-site Scripting XSS - Reflected, which occurs due to improper validation on filter conversion. This allows for malicious scripts to be injected into the website,...

6.9CVSS5.9AI score0.00605EPSS
Exploits1References16
huntr
huntr
added 2022/07/28 11:29 p.m.21 views

Reflected XSS on conversion filter function

Description Fava v1.22 have a conversion filter function on income statement dashboard which allow user to perform XSS due to improper validation on filter conversion. Proof of Concept 1 Navigate to Fava demo instance https://fava.pythonanywhere.com/example-beancount-file/incomestatement/. 2 Filt...

5.8CVSS0.6AI score0.00605EPSS
Exploits1
osv
osv
added 2022/07/26 12:1 a.m.16 views

GHSA-Q8HG-3VQV-F8V3 Fava vulnerable to Reflected Cross-site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2. The querystring parameter of Fava is vulnerable to reflected cross-site scripting, for which a attacker can modify any information that the user is able to modify. This issue is fixed in version 1.22.2...

6.1CVSS5.7AI score0.00698EPSS
Exploits1References6
osv
osv
added 2022/07/26 12:1 a.m.24 views

GHSA-XRF4-39FM-J5F2 Fava time and filter parameters vulnerable to reflected Cross-site Scripting

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected cross-site scripting due to the lack of escaping of error messages which contained the parameters in verbatim...

6.1CVSS5.8AI score0.00698EPSS
Exploits1References7
github
github
added 2022/07/26 12:1 a.m.27 views

Fava time and filter parameters vulnerable to reflected Cross-site Scripting

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected cross-site scripting due to the lack of escaping of error messages which contained the parameters in verbatim...

8CVSS6.1AI score0.00698EPSS
Exploits1References6Affected Software1
github
github
added 2022/07/26 12:1 a.m.17 views

Fava vulnerable to Reflected Cross-site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2. The querystring parameter of Fava is vulnerable to reflected cross-site scripting, for which a attacker can modify any information that the user is able to modify. This issue is fixed in version 1.22.2...

8CVSS5.8AI score0.00698EPSS
Exploits1References5Affected Software1
nvd
nvd
added 2022/07/25 2:15 p.m.12 views

CVE-2022-2514

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...

8CVSS0.00698EPSS
Exploits1References2
nvd
nvd
added 2022/07/25 2:15 p.m.14 views

CVE-2022-2523

Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2...

8CVSS0.00698EPSS
Exploits1References2
pypa
pypa
added 2022/07/25 2:15 p.m.10 views

PYSEC-2022-43182

Withdrawn as duplicate of PYSEC-2022-239. The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...

8CVSS6.8AI score0.00698EPSS
Exploits1References2
attackerkb
attackerkb
added 2022/07/25 2:15 p.m.20 views

CVE-2022-2514

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...

8CVSS6.8AI score0.00698EPSS
Exploits1References3
attackerkb
attackerkb
added 2022/07/25 2:15 p.m.3 views

CVE-2022-2523

Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2...

8CVSS6.8AI score0.00698EPSS
Exploits1References3
osv
osv
added 2022/07/25 2:15 p.m.4 views

DEBIAN-CVE-2022-2514

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...

6.1CVSS6.7AI score0.00698EPSS
Exploits1References1
osv
osv
added 2022/07/25 2:15 p.m.3 views

DEBIAN-CVE-2022-2523

Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2...

6.1CVSS6.9AI score0.00698EPSS
Exploits1References1
osv
osv
added 2022/07/25 2:15 p.m.7 views

PYSEC-2022-43182

Withdrawn as duplicate of PYSEC-2022-239. The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...

6.1CVSS6.7AI score0.00698EPSS
Exploits1References2
prion
prion
added 2022/07/25 2:15 p.m.10 views

Cross site scripting

Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2...

5.8CVSS6AI score0.00698EPSS
Exploits1References2Affected Software1
prion
prion
added 2022/07/25 2:15 p.m.6 views

Cross site scripting

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...

5.8CVSS5.9AI score0.00698EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder