Описание
webmention.js Cross-site Scripting vulnerability
webmention.js prior to 0.5.5 is vulnerable to cross-site scripting.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-3672
- https://github.com/plaidweb/webmention.js/commit/3551b66b3e40da37fee89ecf72930c5efdc53011
- https://github.com/PlaidWeb/webmention.js/blob/9457e71433c0d2430bbe767ecc5b5837140d0ee4/static/webmention.js#L330
- https://huntr.dev/bounties/75cfb7ad-a75f-45ff-8688-32a9c55179aa
Пакеты
Наименование
webmention.js
npm
Затронутые версииВерсия исправления
< 0.5.5
0.5.5
Связанные уязвимости
CVSS3: 6.1
nvd
больше 2 лет назад
Cross-site Scripting (XSS) - DOM in GitHub repository plaidweb/webmention.js prior to 0.5.5.