Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-24811

Published: 22/02/2023 Updated: 07/11/2023
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Misskey

Vulnerability Summary

Misskey is an open source, decentralized social media platform. In versions before 13.3.2 the URL preview function is subject to a cross site scripting vulnerability due to insufficient URL validation. Arbitrary JavaScript is executed when a malicious URL is loaded in the `View in Player` or `View in Window` preview. This has been fixed in version 13.3.2. Users are advised to upgrade. Users unable to upgrade should avoid usage of the `View in Player` or `View in Window` functions.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

misskey misskey

References

CWE-79https://github.com/misskey-dev/misskey/commit/38f9d1e76428bea47c5944c440eab25428c7d99ehttps://github.com/misskey-dev/misskey/security/advisories/GHSA-vc39-c453-67g3https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTICVE-2024-35863CVE-2024-35910man-in-the-middleCVE-2024-35912CVE-2024-25742LFICVE-2024-32002CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook