Misskey is a micro-blogging platform. A cross-site scripting vulnerability exists in versions of Misskey prior to 12.51.0, which stems from a built-in dialog box in the Web client that does not validate and escape user input. An attacker could display a malicious string in the dialog box and use a cross-site scripting attack to compromise the API’s request token.
CPE | Name | Operator | Version |
---|---|---|---|
misskey misskey | lt | 12.51.0 |