3 matches found
CVE-2022-2589
CVE-2022-2589 affects the Beancount/Fava project: a reflected Cross-site Scripting (XSS) vulnerability due to improper validation on filter conversion in Fava before version 1.22.3. Affected component: Fava web UI logic (filter handling). Impact: potential credential or data exposure via crafted ...
CVE-2022-2523
CVE-2022-2523 is a reflected XSS in the beancount/fava project, exploitable via the query_string parameter and fixed in version 1.22.2. The vulnerability affects Fava’s web interface and is documented across multiple feeds (NVD entry and OSV/GHSA advisories). The core issue is reflected XSS in th...
CVE-2022-2514
CVE-2022-2514 affects Fava (beancount) prior to v1.22, with a reflected XSS due to failure to escape error messages that echoed the time and filter parameters. This is a cross-site scripting vulnerability in the beancount/fava stack that can expose user data via crafted input. A GitHub commit ca9...