Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-6hcj-qrw3-m66q: Fava before 1.22.3 vulnerable to reflected cross-site scripting

Fava before 1.22.3 is vulnerable to reflected cross-site scripting due to improper validation on filter conversion.

ghsa
#xss#git

Fava before 1.22.3 vulnerable to reflected cross-site scripting

Moderate severity GitHub Reviewed Published Aug 2, 2022 • Updated Aug 10, 2022

Related news

CVE-2022-2589: Reflected XSS on conversion filter function in fava

Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3.