CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
33.1%
webmention.js prior to 0.5.5 is vulnerable to cross-site scripting.
Vendor | Product | Version | CPE |
---|---|---|---|
plaidweb | webmention.js | * | cpe:2.3:a:plaidweb:webmention.js:*:*:*:*:*:*:*:* |
github.com/advisories/GHSA-r54g-4qq6-chxg
github.com/PlaidWeb/webmention.js/blob/9457e71433c0d2430bbe767ecc5b5837140d0ee4/static/webmention.js#L330
github.com/plaidweb/webmention.js/commit/3551b66b3e40da37fee89ecf72930c5efdc53011
huntr.dev/bounties/75cfb7ad-a75f-45ff-8688-32a9c55179aa
nvd.nist.gov/vuln/detail/CVE-2023-3672