CVE-2023-32325

2023-05-2700:15:09

CWE-79

[email protected]

web.nvd.nist.gov

posthog-js

library

interface

analytics tool

xss vulnerability

patch

upgrade

content security policy

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

32.5%

JSON

PostHog-js is a library to interface with the PostHog analytics tool. Versions prior to 1.57.2 have the potential for cross-site scripting. Problem has been patched in 1.57.2. Users are advised to upgrade. Users unable to upgrade should ensure that their Content Security Policy is in place.

Affected configurations

Vulners

NVD

Node

posthogposthog-jsRange<1.57.2

VendorProductVersionCPE
posthogposthog\-js*cpe:2.3:a:posthog:posthog\-js:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
posthog	posthog\-js	*	cpe:2.3:a:posthog:posthog\-js::::::::

CNA Affected

[
  {
    "vendor": "PostHog",
    "product": "posthog-js",
    "versions": [
      {
        "version": "< 1.57.2",
        "status": "affected"
      }
    ]
  }
]