3 matches found
CVE-2023-24810
Misskey is an open source, decentralized social media platform. Due to insufficient validation of the redirect URL during miauth authentication in Misskey, arbitrary JavaScript can be executed when a user allows the link. All versions below 13.3.1 including 12.x are affected. This has been fixed ...
CVE-2023-24810 Cross site scripting (XSS) vulnerability using authentication callback in Misskey
Misskey is an open source, decentralized social media platform. Due to insufficient validation of the redirect URL during miauth authentication in Misskey, arbitrary JavaScript can be executed when a user allows the link. All versions below 13.3.1 including 12.x are affected. This has been fixed ...
CVE-2023-24810
CVE-2023-24810 affects Misskey prior to 13.3.1, where insufficient validation of the redirect URL during miauth authentication allows arbitrary JavaScript execution when a user approves the link. Versions below 13.3.1 (including 12.x) are impacted; a fix is available in 13.3.1. If upgrading is no...