Cross-site Scripting (XSS)

fava is vulnerable to cross-site scripting. The vulnerability exists because of the lack of escaping error messages in errors.html, allowing an attacker to inject and execute malicious javascript through the malicious verbatim parameters...