Lucene search
K

58 matches found

OSV
OSV
added 2022/07/25 2:15 p.m.3 views

UBUNTU-CVE-2022-2523

Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2...

8CVSS6.8AI score0.00698EPSS
Exploits1References4
OSV
OSV
added 2022/07/25 2:15 p.m.22 views

PYSEC-2022-240

Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2...

8CVSS1.1AI score0.00698EPSS
Exploits1References3
PyPA
PyPA
added 2022/07/25 2:15 p.m.7 views

PYSEC-2022-239

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...

8CVSS6.3AI score0.00698EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2022/07/25 2:15 p.m.6 views

PYSEC-2022-240

Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2...

8CVSS6.2AI score0.00698EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2022/07/25 2:15 p.m.10 views

Cross site scripting

Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2...

5.8CVSS6AI score0.00698EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/07/25 2:15 p.m.6 views

Cross site scripting

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...

5.8CVSS5.9AI score0.00698EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/07/25 2:15 p.m.21 views

PYSEC-2022-239

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...

8CVSS3.7AI score0.00698EPSS
Exploits1References3
CVE
CVE
added 2022/07/25 1:43 p.m.80 views

CVE-2022-2523

CVE-2022-2523 is a reflected XSS in the beancount/fava project, exploitable via the query_string parameter and fixed in version 1.22.2. The vulnerability affects Fava’s web interface and is documented across multiple feeds (NVD entry and OSV/GHSA advisories). The core issue is reflected XSS in th...

8CVSS6.2AI score0.00698EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/07/25 1:43 p.m.17 views

CVE-2022-2523 Cross-site Scripting (XSS) - Reflected in beancount/fava

Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2...

8CVSS7.4AI score0.00698EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2022/07/25 1:43 p.m.36 views

CVE-2022-2523

Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2...

8CVSS6.6AI score0.00698EPSS
Exploits1
Debian CVE
Debian CVE
added 2022/07/25 1:42 p.m.19 views

CVE-2022-2514

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...

8CVSS6.7AI score0.00698EPSS
Exploits1
CVE
CVE
added 2022/07/25 1:42 p.m.76 views

CVE-2022-2514

CVE-2022-2514 affects Fava (beancount) prior to v1.22, with a reflected XSS due to failure to escape error messages that echoed the time and filter parameters. This is a cross-site scripting vulnerability in the beancount/fava stack that can expose user data via crafted input. A GitHub commit ca9...

8CVSS6.2AI score0.00698EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/07/25 1:42 p.m.18 views

CVE-2022-2514 Cross-site Scripting (XSS) - Reflected in beancount/fava

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...

8CVSS6.6AI score0.00698EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/07/25 1:42 p.m.16 views

CVE-2022-2514 Cross-site Scripting (XSS) - Reflected in beancount/fava

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...

8CVSS6.1AI score0.00698EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/07/25 12:0 a.m.5 views

fava 跨站脚本漏洞

fava is the web interface of Beancount, an open source double-entry bookkeeping software from Beancount. A cross-site scripting vulnerability exists in versions prior to fava v1.22, which stems from the time and filter parameters being vulnerable to reflective cross-site scripting...

8CVSS6.3AI score0.00698EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/07/25 12:0 a.m.4 views

fava 跨站脚本漏洞

fava is the web interface for Beancount, a double-entry bookkeeping software open source by Beancount. A security vulnerability exists in versions prior to fava 1.22.2. An attacker could exploit this vulnerability to perform cross-site scripting attacks...

8CVSS6.8AI score0.00698EPSS
Exploits1References3
Huntr
Huntr
added 2022/07/22 6:41 p.m.21 views

Reflected XSS in fava application

Description The "querystring" parameter of fava application is vulnerable to reflected XSS for which a attacker can modify any information that the user is able to modify. Proof of Concept 1.Open the url:...

5.8CVSS0.9AI score0.00698EPSS
Exploits1References2
Huntr
Huntr
added 2022/06/09 9:45 a.m.22 views

Cross-site Scripting (XSS) - Reflected

Description The time parameter in fava is vulnerable to reflected XSS Proof of Concept 1. 1.Open the web browser to access the fava webpage. 2. 2.Access the url:...

5.8CVSS0.1AI score0.00698EPSS
Exploits1References2
Rows per page
Query Builder