Описание
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needs-triage | |
| kinetic | ignored | end of life, was needs-triage |
| lunar | ignored | end of life, was needs-triage |
| mantic | ignored | end of life, was needs-triage |
| noble | DNE |
Показывать по
10
6.1 Medium
CVSS3
Связанные уязвимости
CVSS3: 6.1
nvd
больше 3 лет назад
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.
CVSS3: 6.1
debian
больше 3 лет назад
The time and filter parameters in Fava prior to v1.22 are vulnerable t ...
CVSS3: 6.1
github
больше 3 лет назад
Fava time and filter parameters vulnerable to reflected Cross-site Scripting
6.1 Medium
CVSS3