Jakob Schnitzer

3 exploits Active since Jul 2022
CVE-2022-2514 WRITEUP MEDIUM WRITEUP
Fava < 1.22 - Reflected Cross-Site Scripting via Time and Filter Parameters
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.
CVSS 6.1
CVE-2022-2523 WRITEUP MEDIUM WRITEUP
fava < 1.22.2 - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2.
CVSS 6.1
CVE-2022-2589 WRITEUP MEDIUM WRITEUP
fava < 1.22.3 - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3.
CVSS 6.1