CVE-2022-2514: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The `time` and `filter` parameters in Fava prior to v1.22 are vulnerable to reflected XSS because error messages that contained the parameters verbatim were not escaped.
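The class of flaw described above, as an added illustration that is not Fava's code: a hypothetical parser whose error message echoes the `time` value, rendered once without escaping and once with `html.escape`. All function names, the markup and the sample input are assumptions constructed for this example.

```python
import html
import re


class FilterError(Exception):
    """Raised when a filter value cannot be parsed; the message echoes the input."""


# Hypothetical stand-in for a time-filter parser (accepts YYYY, YYYY-MM, YYYY-MM-DD).
_TIME_RE = re.compile(r"\d{4}(-\d{2}){0,2}")


def parse_time(value: str) -> str:
    if not _TIME_RE.fullmatch(value):
        # The request parameter ends up verbatim in the error message.
        raise FilterError(f"Failed to parse date: {value}")
    return value


def render_error_unsafe(message: str) -> str:
    # "Before" form: the message is interpolated into markup as-is,
    # so any markup inside the parameter becomes part of the page.
    return f'<li class="error">{message}</li>'


def render_error_safe(message: str) -> str:
    # Hardened form: escape at the point of output, quotes included,
    # so the parameter is always displayed as text.
    return f'<li class="error">{html.escape(message, quote=True)}</li>'


def handle(time_param: str, render) -> str:
    """Parse the parameter and return the HTML fragment shown to the user."""
    try:
        parse_time(time_param)
        return "<li>ok</li>"
    except FilterError as exc:
        return render(str(exc))


# Constructed sample input containing markup.
SAMPLE = "<script>alert(1)</script>"

if __name__ == "__main__":
    print("unsafe:", handle(SAMPLE, render_error_unsafe))
    print("safe:  ", handle(SAMPLE, render_error_safe))
```

The same assertion pattern (raw `<` from the parameter must never appear in the rendered error) works as a regression test for any view that reflects request input in its messages.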