exploitDog

CVE-2023-1767

Published: 20 Apr 2023
Source: nvd
CVSS3: 4.3
CVSS3: 5.4
EPSS Low

Description

The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. A feature of Snyk Advisor is to display the contents of a scanned package's Readme on its package health page. An attacker could create a package in NPM with an associated markdown README file containing XSS-able HTML tags. Upon Snyk Advisor importing the package, the XSS would run each time an end user browsed to the package's page on Snyk Advisor.

Vulnerable configurations

Configuration 1
cpe:2.3:a:snyk:advisor:*:*:*:*:*:*:*:*
Versions before 2023-03-28 (excluding)

EPSS

Percentile: 88%
0.0393
Low

4.3 Medium

CVSS3

5.4 Medium

CVSS3

Weaknesses

CWE-79
CWE-79

Related vulnerabilities

CVSS3: 4.3
github
almost 3 years ago

The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. A feature of Snyk Advisor is to display the contents of a scanned package's Readme on its package health page. An attacker could create a package in NPM with an associated markdown README file containing XSS-able HTML tags. Upon Snyk Advisor importing the package, the XSS would run each time an end user browsed to the package's page on Snyk Advisor.
