3 matches found
CVE-2023-25154 Cross site scripting (XSS) of ActivityPub URI in misskey
Misskey is an open source, decentralized social media platform. In versions prior to 13.5.0 the link to the instance to the sender that appears when viewing a user or note received through ActivityPub is not properly validated, so by inserting a URL with a javascript scheme an attacker may execut...
CVE-2023-25154 Cross site scripting (XSS) of ActivityPub URI in misskey
Misskey is an open source, decentralized social media platform. In versions prior to 13.5.0 the link to the instance to the sender that appears when viewing a user or note received through ActivityPub is not properly validated, so by inserting a URL with a javascript scheme an attacker may execut...
CVE-2023-25154
Misskey vulnerability (CVE-2023-25154) affects versions prior to 13.5.0 where the ActivityPub link to the sender’s instance is not properly validated. An attacker could inject a javascript: URL in a link viewed on a user or note, enabling JavaScript execution in the recipient’s context. The issue...