Fava time and filter parameters vulnerable to reflected Cross-site Scripting
Details
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected cross-site scripting due to the lack of escaping of error messages which contained the parameters in verbatim.