CVE-2023-36459
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 1.3 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker using carefully crafted oEmbed data can bypass the HTML sanitization performed by Mastodon and include arbitrary HTML in oEmbed preview...
Mastodon Social Network Patches Critical Flaws Allowing Server Takeover
Mastodon, a popular decentralized social network, has released a security update to fix critical vulnerabilities that could expose millions of users to potential attacks. Mastodon is known for its federated model, consisting of thousands of separate servers called "instances," and it has over 14...
CVE-2023-36459
creation timestamp | type | source
---|---|---
2023-07-06 22:20:32+00:00 | seen | https://t.me/cibsecurity/66154
2023-07-09 11:59:01+00:00 | seen | https://t.me/itsecnews/2882
2023-07-10 16:30:05+00:00 | seen | https://t.me/truesecator/4597
2023-07-11 04:43:41+00:00 | seen | ...
CVE-2023-36459 Mastodon vulnerable to Cross-site Scripting through oEmbed preview cards
CVE-2023-36459
CVE-2023-36459 affects Mastodon: crafted oEmbed data bypasses the HTML sanitization, enabling cross-site scripting (XSS) in preview cards. Affected versions are those prior to 3.5.9, 4.0.5, and 4.1.3. The issue is fixed in 3.5.9, 4.0.5, and 4.1.3; upgrading to one of these patched versions mitigates it.