Headline
GHSA-q8hg-3vqv-f8v3: Fava vulnerable to Reflected Cross-site Scripting before v1.22.2
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2.
The query_string parameter of Fava is vulnerable to reflected cross-site scripting, for which a attacker can modify any information that the user is able to modify. This issue is fixed in version 1.22.2.
Fava vulnerable to Reflected Cross-site Scripting before v1.22.2
Moderate severity GitHub Reviewed Published Jul 26, 2022 • Updated Aug 6, 2022
Related news
CVE-2022-2523: Reflected XSS in fava application in fava
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2.