Описание
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needs-triage | |
| kinetic | ignored | end of life, was needs-triage |
| lunar | ignored | end of life, was needs-triage |
| mantic | ignored | end of life, was needs-triage |
| noble | DNE |
Показывать по
10
EPSS
Процентиль: 55%
0.0032
Низкий
6.1 Medium
CVSS3
Связанные уязвимости
CVSS3: 6.1
nvd
больше 3 лет назад
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.
CVSS3: 6.1
debian
больше 3 лет назад
The time and filter parameters in Fava prior to v1.22 are vulnerable t ...
CVSS3: 6.1
github
больше 3 лет назад
Fava time and filter parameters vulnerable to reflected Cross-site Scripting
EPSS
Процентиль: 55%
0.0032
Низкий
6.1 Medium
CVSS3