beancount/fava

Releases67

Frequency1 month 3 weeks

Last Release 4 months ago

Stars2.46K

Fava - web interface for Beancount

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-2589 ↗	Aug 1, 2022Monday, 1 August 2022, 15:15	6.1 MEDIUM	—
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3.
CVE-2022-2514 ↗	Jul 25, 2022Monday, 25 July 2022, 14:15	6.1 MEDIUM	—
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.
CVE-2022-2523 ↗	Jul 25, 2022Monday, 25 July 2022, 14:15	6.1 MEDIUM	—
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2.