Fava Security Vulnerabilities and Issues — Fava CVE List

Lucene search

Fava ProjectFava

3 matches found

CVE•added 2022/08/01 3:15 p.m.•83 views

CVE-2022-2589

Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3.

6.9CVSS6AI score0.0013EPSS

CVE•added 2022/07/25 2:15 p.m.•58 views

CVE-2022-2523

Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2.

8CVSS6.2AI score0.00145EPSS

CVE•added 2022/07/25 2:15 p.m.•57 views

CVE-2022-2514

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.

8CVSS6.2AI score0.00145EPSS