{"id":"PYSEC-2022-240","details":"Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2.","aliases":["CVE-2022-2523","GHSA-q8hg-3vqv-f8v3"],"modified":"2023-11-08T04:08:44.444352Z","published":"2022-07-25T14:15:00Z","references":[{"type":"WEB","url":"https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f"},{"type":"FIX","url":"https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-q8hg-3vqv-f8v3"}],"affected":[{"package":{"name":"fava","ecosystem":"PyPI","purl":"pkg:pypi/fava"},"ranges":[{"type":"GIT","repo":"https://github.com/beancount/fava","events":[{"introduced":"0"},{"fixed":"dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.22.2"}]}],"versions":["0.0.0","1.10","1.11","1.12","1.13","1.14","1.15","1.16","1.17","1.18","1.19","1.20","1.20.1","1.21","1.22","1.22.1","1.3","1.4","1.5","1.6","1.7","1.8","1.9"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/fava/PYSEC-2022-240.yaml"}}],"schema_version":"1.7.3"}