Description
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3.
CVSS breakdown
CVSS 3.0
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
High
Availability
None
Affected products
- beancount / beancount/favaunspecified – 1.22.3