Package impact
PyPI / fava
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-2514 | medium | — | 5.5 | 4y ago | The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim. | |||
| CVE-2022-2589 | unknown | — | — | 4y ago | Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3. | |||
| CVE-2022-2523 | unknown | — | — | 4y ago | Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2. |