Fava time and filter parameters vulnerable to reflected XSS before v1.22
Moderate severity
GitHub Reviewed
Published
Jul 26, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Jul 25, 2022
Published to the GitHub Advisory Database
Jul 26, 2022
Reviewed
Aug 6, 2022
Last updated
Jan 27, 2023
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected cross-site scripting due to the lack of escaping of error messages which contained the parameters in verbatim.
References