CVE-2022-2514

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:fava_project:fava:*:*:*:*:*:*:*:*

Information

Published : 2022-07-25 07:15

Updated : 2022-07-27 12:29


NVD link : CVE-2022-2514

Mitre link : CVE-2022-2514


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

fava_project

  • fava