58 matches found
UBUNTU-CVE-2022-2523
Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2...
PYSEC-2022-240
Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2...
PYSEC-2022-239
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...
PYSEC-2022-240
Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2...
Cross site scripting
Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2...
Cross site scripting
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...
PYSEC-2022-239
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...
CVE-2022-2523
CVE-2022-2523 is a reflected XSS in the beancount/fava project, exploitable via the query_string parameter and fixed in version 1.22.2. The vulnerability affects Fava’s web interface and is documented across multiple feeds (NVD entry and OSV/GHSA advisories). The core issue is reflected XSS in th...
CVE-2022-2523 Cross-site Scripting (XSS) - Reflected in beancount/fava
Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2...
CVE-2022-2523
Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2...
CVE-2022-2514
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...
CVE-2022-2514
CVE-2022-2514 affects Fava (beancount) prior to v1.22, with a reflected XSS due to failure to escape error messages that echoed the time and filter parameters. This is a cross-site scripting vulnerability in the beancount/fava stack that can expose user data via crafted input. A GitHub commit ca9...
CVE-2022-2514 Cross-site Scripting (XSS) - Reflected in beancount/fava
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...
CVE-2022-2514 Cross-site Scripting (XSS) - Reflected in beancount/fava
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...
fava 跨站脚本漏洞
fava is the web interface of Beancount, an open source double-entry bookkeeping software from Beancount. A cross-site scripting vulnerability exists in versions prior to fava v1.22, which stems from the time and filter parameters being vulnerable to reflective cross-site scripting...
fava 跨站脚本漏洞
fava is the web interface for Beancount, a double-entry bookkeeping software open source by Beancount. A security vulnerability exists in versions prior to fava 1.22.2. An attacker could exploit this vulnerability to perform cross-site scripting attacks...
Reflected XSS in fava application
Description The "querystring" parameter of fava application is vulnerable to reflected XSS for which a attacker can modify any information that the user is able to modify. Proof of Concept 1.Open the url:...
Cross-site Scripting (XSS) - Reflected
Description The time parameter in fava is vulnerable to reflected XSS Proof of Concept 1. 1.Open the web browser to access the fava webpage. 2. 2.Access the url:...