CVE-2023-3672

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jul 14, 2023

Updated: Jul 25, 2023

CWE ID 59

Summary

CVE-2023-3672 denotes a Cross-site Scripting (XSS) vulnerability in the GitHub repository plaidweb/webmention.js, specifically affecting versions below 0.5.5. This issue allows malicious actors to inject malicious scripts into web pages viewed by other users, potentially leading to data theft or unauthorized access. The DOM XSS flaw can be exploited by embedding malicious webmentions, enabling attackers to execute arbitrary code within the user's browser. To mitigate the risk, users are urged to update their webmention.js library to the latest version, 0.5.5 or above.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ryjs9f
https://www.cve.org/CVERecord?id=CVE-2023-3672
https://nvd.nist.gov/vuln/detail/CVE-2023-3672

Back to Vulnerability Database

CVE-2023-3672

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations