exploitDog

CVE-2023-30792

Опубликовано: 29 апр. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources.

Ссылки

https://github.com/facebook/lexical/releases/tag/v0.10.0
Release Notes
https://github.com/facebook/lexical/releases/tag/v0.10.0
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:facebook:lexical:*:*:*:*:*:*:*:*

Версия до 0.10.0 (исключая)

EPSS

Процентиль: 32%

0.00123

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-6m63-xcvc-h2vg

CVSS3: 6.1

github

почти 3 года назад

Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources.

EPSS

Процентиль: 32%

0.00123

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79