Base Score

MEDIUM6.1

CVE-2022-2589

Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3.

VectorNETWORK

Published Bysecurity@huntr.dev

Published DateAug 01, 2022, 15:15

Affected Versions(1)

fava(PyPI)

Introduced0

Fixed1.22.3

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
fava(PyPI)	0	1.22.3	N/A

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

6.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE

References

https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539
https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08

Base Score

MEDIUM6.1

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

6.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE