CVE-2023-36459 Mastodon vulnerable to Cross-site Scripting through oEmbed preview cards

🗓️ 06 Jul 2023 18:29:07Reported by GitHub_MType

Mastodon server vulnerable to Cross-site Scriptin

Reporter	Title	Published	Views	Family All 18
BDU FSTEC	The vulnerability of the Mastodon web application for deploying distributed social networks, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.	6 Dec 202300:00	–	bdu_fstec
Circl	CVE-2023-36459	6 Jul 202322:20	–	circl
CNNVD	Mastodon 跨站脚本漏洞	6 Jul 202300:00	–	cnnvd
CVE	CVE-2023-36459	6 Jul 202318:29	–	cve
EUVD	EUVD-2023-40421	3 Oct 202520:07	–	euvd
Malwarebytes	"TootRoot" Mastodon vulnerabilities fixed: Admins, patch now!	11 Jul 202302:00	–	malwarebytes
NVD	CVE-2023-36459	6 Jul 202319:15	–	nvd
OSV	BIT-MASTODON-2023-36459 Mastodon vulnerable to Cross-site Scripting through oEmbed preview cards	6 Mar 202410:56	–	osv
OSV	CVE-2023-36459 Mastodon vulnerable to Cross-site Scripting through oEmbed preview cards	6 Jul 202318:29	–	osv
Prion	Cross site scripting	6 Jul 202319:15	–	prion

[
  {
    "vendor": "mastodon",
    "product": "mastodon",
    "versions": [
      {
        "version": ">= 1.3, < 3.5.9",
        "status": "affected"
      },
      {
        "version": ">= 4.0.0, < 4.0.5",
        "status": "affected"
      },
      {
        "version": ">= 4.1.0, < 4.1.3",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/mastodon/mastodon/releases/tag/v3.5.9
github	www.github.com/mastodon/mastodon/security/advisories/GHSA-ccm4-vgcc-73hp
github	www.github.com/mastodon/mastodon/commit/6d8e0fae3e96f3cf4febe03fa7fcf5b95ff761b2
openwall	www.openwall.com/lists/oss-security/2023/07/06/5
github	www.github.com/mastodon/mastodon/releases/tag/v4.0.5
github	www.github.com/mastodon/mastodon/releases/tag/v4.1.3

06 Jul 2023 18:30Current

8.6High risk

Vulners AI Score8.6

CVSS 3.19.3

EPSS0.00188

CWE-79