Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by beancount
CVE-2022-2589 (GCVE-0-2022-2589)
Vulnerability from nvd – Published: 2022-08-01 14:12 – Updated: 2024-08-03 00:39
VLAI
Title
Cross-site Scripting (XSS) - Reflected in beancount/fava
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3.
Severity
6.9 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/8705800d-cf2f-433d-9c3… | x_refsource_CONFIRM |
| https://github.com/beancount/fava/commit/68bbb6e3… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| beancount | beancount/fava |
Affected:
unspecified , < 1.22.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:08.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "beancount/fava",
"vendor": "beancount",
"versions": [
{
"lessThan": "1.22.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T14:12:23.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539"
}
],
"source": {
"advisory": "8705800d-cf2f-433d-9c3e-dbef6a3f7e08",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in beancount/fava",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2589",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Reflected in beancount/fava"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "beancount/fava",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.22.3"
}
]
}
}
]
},
"vendor_name": "beancount"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08"
},
{
"name": "https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539",
"refsource": "MISC",
"url": "https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539"
}
]
},
"source": {
"advisory": "8705800d-cf2f-433d-9c3e-dbef6a3f7e08",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2589",
"datePublished": "2022-08-01T14:12:23.000Z",
"dateReserved": "2022-07-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:39:08.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2523 (GCVE-0-2022-2523)
Vulnerability from nvd – Published: 2022-07-25 13:43 – Updated: 2024-08-03 00:39
VLAI
Title
Cross-site Scripting (XSS) - Reflected in beancount/fava
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2.
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a… | x_refsource_CONFIRM |
| https://github.com/beancount/fava/commit/dccfb6a2… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| beancount | beancount/fava |
Affected:
unspecified , < 1.22.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:08.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "beancount/fava",
"vendor": "beancount",
"versions": [
{
"lessThan": "1.22.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T13:43:39.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b"
}
],
"source": {
"advisory": "2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in beancount/fava",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2523",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Reflected in beancount/fava"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "beancount/fava",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.22.2"
}
]
}
}
]
},
"vendor_name": "beancount"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f"
},
{
"name": "https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b",
"refsource": "MISC",
"url": "https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b"
}
]
},
"source": {
"advisory": "2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2523",
"datePublished": "2022-07-25T13:43:39.000Z",
"dateReserved": "2022-07-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:39:08.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2514 (GCVE-0-2022-2514)
Vulnerability from nvd – Published: 2022-07-25 13:42 – Updated: 2024-08-03 00:39
VLAI
Title
Cross-site Scripting (XSS) - Reflected in beancount/fava
Summary
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/dbf77139-4384-4dc5-999… | x_refsource_CONFIRM |
| https://github.com/beancount/fava/commit/ca9e3882… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| beancount | beancount/fava |
Affected:
unspecified , < 1.22
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:08.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "beancount/fava",
"vendor": "beancount",
"versions": [
{
"lessThan": "1.22",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T13:42:34.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711"
}
],
"source": {
"advisory": "dbf77139-4384-4dc5-9994-45a5e0747429",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in beancount/fava",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2514",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Reflected in beancount/fava"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "beancount/fava",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.22"
}
]
}
}
]
},
"vendor_name": "beancount"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429"
},
{
"name": "https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711",
"refsource": "MISC",
"url": "https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711"
}
]
},
"source": {
"advisory": "dbf77139-4384-4dc5-9994-45a5e0747429",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2514",
"datePublished": "2022-07-25T13:42:34.000Z",
"dateReserved": "2022-07-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:39:08.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2589 (GCVE-0-2022-2589)
Vulnerability from cvelistv5 – Published: 2022-08-01 14:12 – Updated: 2024-08-03 00:39
VLAI
Title
Cross-site Scripting (XSS) - Reflected in beancount/fava
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3.
Severity
6.9 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/8705800d-cf2f-433d-9c3… | x_refsource_CONFIRM |
| https://github.com/beancount/fava/commit/68bbb6e3… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| beancount | beancount/fava |
Affected:
unspecified , < 1.22.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:08.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "beancount/fava",
"vendor": "beancount",
"versions": [
{
"lessThan": "1.22.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T14:12:23.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539"
}
],
"source": {
"advisory": "8705800d-cf2f-433d-9c3e-dbef6a3f7e08",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in beancount/fava",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2589",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Reflected in beancount/fava"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "beancount/fava",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.22.3"
}
]
}
}
]
},
"vendor_name": "beancount"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08"
},
{
"name": "https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539",
"refsource": "MISC",
"url": "https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539"
}
]
},
"source": {
"advisory": "8705800d-cf2f-433d-9c3e-dbef6a3f7e08",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2589",
"datePublished": "2022-08-01T14:12:23.000Z",
"dateReserved": "2022-07-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:39:08.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2523 (GCVE-0-2022-2523)
Vulnerability from cvelistv5 – Published: 2022-07-25 13:43 – Updated: 2024-08-03 00:39
VLAI
Title
Cross-site Scripting (XSS) - Reflected in beancount/fava
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2.
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a… | x_refsource_CONFIRM |
| https://github.com/beancount/fava/commit/dccfb6a2… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| beancount | beancount/fava |
Affected:
unspecified , < 1.22.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:08.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "beancount/fava",
"vendor": "beancount",
"versions": [
{
"lessThan": "1.22.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T13:43:39.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b"
}
],
"source": {
"advisory": "2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in beancount/fava",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2523",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Reflected in beancount/fava"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "beancount/fava",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.22.2"
}
]
}
}
]
},
"vendor_name": "beancount"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f"
},
{
"name": "https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b",
"refsource": "MISC",
"url": "https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b"
}
]
},
"source": {
"advisory": "2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2523",
"datePublished": "2022-07-25T13:43:39.000Z",
"dateReserved": "2022-07-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:39:08.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2514 (GCVE-0-2022-2514)
Vulnerability from cvelistv5 – Published: 2022-07-25 13:42 – Updated: 2024-08-03 00:39
VLAI
Title
Cross-site Scripting (XSS) - Reflected in beancount/fava
Summary
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/dbf77139-4384-4dc5-999… | x_refsource_CONFIRM |
| https://github.com/beancount/fava/commit/ca9e3882… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| beancount | beancount/fava |
Affected:
unspecified , < 1.22
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:08.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "beancount/fava",
"vendor": "beancount",
"versions": [
{
"lessThan": "1.22",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T13:42:34.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711"
}
],
"source": {
"advisory": "dbf77139-4384-4dc5-9994-45a5e0747429",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in beancount/fava",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2514",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Reflected in beancount/fava"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "beancount/fava",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.22"
}
]
}
}
]
},
"vendor_name": "beancount"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429"
},
{
"name": "https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711",
"refsource": "MISC",
"url": "https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711"
}
]
},
"source": {
"advisory": "dbf77139-4384-4dc5-9994-45a5e0747429",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2514",
"datePublished": "2022-07-25T13:42:34.000Z",
"dateReserved": "2022-07-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:39:08.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}