Base Score

MEDIUM6.1

CVE-2022-2523

Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2.

VectorNETWORK

Published Bysecurity@huntr.dev

Published DateJul 25, 2022, 14:15

Affected Versions(1)

fava(PyPI)

Introduced0

Fixed1.22.2

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
fava(PyPI)	0	1.22.2	N/A

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

6.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE

References

https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b
https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f

Base Score

MEDIUM6.1

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

6.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE