← volver
CVE-2022-2514

Cross-site Scripting (XSS) - Reflected in beancount/fava

CVSS 8 HIGHEPSS 0.7%CWE-79
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Productos afectados
beancount · beancount/fava

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429