CVE-2022-2514

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711	Patch Third Party Advisory
https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429	Exploit Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:fava_project:fava:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-07-25 14:15

Updated : 2022-07-27 19:29

NVD link : CVE-2022-2514

Mitre link : CVE-2022-2514

CVE.ORG link : CVE-2022-2514

JSON object : View

Products Affected

fava_project

fava

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2022-2514", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.6}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2022-07-25T14:15:10.873", "references": [{"url": "https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711", "tags": ["Patch", "Third Party Advisory"], "source": "security@huntr.dev"}, {"url": "https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "security@huntr.dev"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim."}, {"lang": "es", "value": "Los par\u00e1metros time y filter en Fava versiones anteriores a v1.22, son vulnerables a un ataque de tipo XSS reflejado debido a una falta de escape de los mensajes de error que conten\u00edan los par\u00e1metros en verbatim"}], "lastModified": "2022-07-27T19:29:52.413", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fava_project:fava:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFA91E73-606C-4966-A7FE-2B3E1F4B948D", "versionEndExcluding": "1.22"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}