Lucene search
FacebookCVE-2023-30792HistoryApr 29, 2023 - 3:15 a.m.
CVE-2023-30792
2023-04-2903:15:08
CWE-79
facebook
web.nvd.nist.gov
24
cve-2023-30792
anchor tag
lexical
v0.10.0
cross-site scripting
untrusted sources
nvd
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
18.2%
Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources.
Affected configurations
Node
facebooklexicalRange<0.10.0
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Lexical",
"vendor": "Meta Platforms, Inc",
"versions": [
{
"lessThan": "0.10.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
]Related
prion
prion
Cross site scripting
2023-04-29 03:15:00
osv
osv
CVE-2023-30792
2023-04-29 03:15:08
cvelist
cvelist
CVE-2023-30792
2023-04-29 02:21:49
veracode
veracode
Cross-site Scripting (XSS)
2023-05-08 02:18:01
nvd
nvd
CVE-2023-30792
2023-04-29 03:15:08
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
18.2%
Related for CVE-2023-30792