11 matches found
Malicious code in posthog-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b422f278bf27e062b349e97360b6919e773122f21656f23d6da583ce7cb1a92 The package posthog-js was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191402 Malicious code in posthog-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b422f278bf27e062b349e97360b6919e773122f21656f23d6da583ce7cb1a92 The package posthog-js was found to contain malicious code. Source: google-open-source-security...
@apolitical/component-library (>=7.0.3 <=10.4.3-db.1), @jacksondr5/component-library (=0.1.0) +15 more potentially affected by unknown CVE via posthog-js (>=1.100.0 <=1.297.2)
posthog-js NPM version =1.100.0, =7.0.3, =0.1.0, =0.1.0, =1.0.0, =0.0.1, =0.16.0, =2.1.0, =0.1.0, =0.0.1, =1.0.0, =1.1.0, =2.0.5, =0.4.2, =3.28.0, =3.114.0-rc.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-191402...
CVE-2023-32325
PostHog-js is a library to interface with the PostHog analytics tool. Versions prior to 1.57.2 have the potential for cross-site scripting. Problem has been patched in 1.57.2. Users are advised to upgrade. Users unable to upgrade should ensure that their Content Security Policy is in place...
CVE-2023-32325
PostHog-js is a library to interface with the PostHog analytics tool. Versions prior to 1.57.2 have the potential for cross-site scripting. Problem has been patched in 1.57.2. Users are advised to upgrade. Users unable to upgrade should ensure that their Content Security Policy is in place...
CVE-2023-32325
CVE-2023-32325 affects the PostHog-js library. Versions prior to 1.57.2 are vulnerable to cross-site scripting due to improper handling in the library. The issue has been patched in 1.57.2. Users should upgrade to 1.57.2 or later. If upgrading is not possible, enforce a strong Content Security Po...
CVE-2023-32325 Cross-site scripting in PostHog-js
PostHog-js is a library to interface with the PostHog analytics tool. Versions prior to 1.57.2 have the potential for cross-site scripting. Problem has been patched in 1.57.2. Users are advised to upgrade. Users unable to upgrade should ensure that their Content Security Policy is in place...
CVE-2023-32325 Cross-site scripting in PostHog-js
PostHog-js is a library to interface with the PostHog analytics tool. Versions prior to 1.57.2 have the potential for cross-site scripting. Problem has been patched in 1.57.2. Users are advised to upgrade. Users unable to upgrade should ensure that their Content Security Policy is in place...
CVE-2023-32325 Cross-site scripting in PostHog-js
PostHog-js is a library to interface with the PostHog analytics tool. Versions prior to 1.57.2 have the potential for cross-site scripting. Problem has been patched in 1.57.2. Users are advised to upgrade. Users unable to upgrade should ensure that their Content Security Policy is in place...
Potential for cross-site scripting in PostHog-js
Impact Potential for cross-site scripting in posthog-js. Patches The problem has been patched in posthog-js version 1.57.2. Workarounds - This isn't an issue for sites that have a Content Security Policy in place. - Using the HTML tracking snippet on PostHog Cloud always guarantees the latest...
GHSA-8775-5HWV-WR6V Potential for cross-site scripting in PostHog-js
Impact Potential for cross-site scripting in posthog-js. Patches The problem has been patched in posthog-js version 1.57.2. Workarounds - This isn't an issue for sites that have a Content Security Policy in place. - Using the HTML tracking snippet on PostHog Cloud always guarantees the latest...