Описание
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.
Ссылки
- PatchThird Party Advisory
- ExploitPatchThird Party Advisory
- PatchThird Party Advisory
- ExploitPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.22 (исключая)
cpe:2.3:a:fava_project:fava:*:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.0032
Низкий
8 High
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
ubuntu
больше 3 лет назад
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.
CVSS3: 6.1
debian
больше 3 лет назад
The time and filter parameters in Fava prior to v1.22 are vulnerable t ...
CVSS3: 6.1
github
больше 3 лет назад
Fava time and filter parameters vulnerable to reflected Cross-site Scripting
EPSS
Процентиль: 55%
0.0032
Низкий
8 High
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79