VDB
KO

PYSEC-2022-239

Details

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / fava
Introduced in: 0 Fixed in: ca9e3882c7b5fbf5273ba52340b9fea6a99f3711
Fix pip install --upgrade 'fava>=ca9e3882c7b5fbf5273ba52340b9fea6a99f3711'

References