Description
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3.
References (2)
Core 2
Core References
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08
Patch, Third Party Advisory x_refsource_misc
https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539
Scores
CVSS v3
6.1
EPSS
0.0025
EPSS Percentile
47.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
fava_project/fava
< 1.22.3
pypi/fava
0 - 1.22.3PyPI
Published
Aug 01, 2022
Tracked Since
Feb 18, 2026