Skip to main content

Fava

3 CVEs product

Monthly

CVE-2022-2589 PyPI MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Fava
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-2523 PyPI MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Fava
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-2514 PyPI MEDIUM POC PATCH This Month

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Fava
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Fava
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Fava
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Fava
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy