CVE-2023-26140

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 16, 2023

Updated: Nov 7, 2023

CWE ID 79

Summary

CVE-2023-26140 is a Cross-site Scripting (XSS) vulnerability affecting versions of the @excalidraw/excalidraw package. Malicious scripts can be injected into whiteboard objects through embedded links due to insufficient input sanitization. Successful exploitation of this vulnerability could lead to unintended execution of malicious code in users' browsers, potentially compromising their data or sessions. Users are advised to update to the latest package version or implement input validation measures to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sXB6AY
https://www.cve.org/CVERecord?id=CVE-2023-26140
https://nvd.nist.gov/vuln/detail/CVE-2023-26140

Back to Vulnerability Database

CVE-2023-26140

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations