We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-26140



Description

Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerable to Cross-site Scripting (XSS) via embedded links in whiteboard objects due to improper input sanitization.

Reserved 2023-02-20 | Published 2023-08-16 | Updated 2024-10-02 | Assigner snyk


MEDIUM: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P

Problem types

Cross-site Scripting (XSS)

Credits

Eugene Lim

The MOps Team

References

security.snyk.io/vuln/SNYK-JS-EXCALIDRAWEXCALIDRAW-5841658

github.com/excalidraw/excalidraw/pull/6728

github.com/...ommit/b33fa6d6f64d27adc3a47b25c0aa55711740d0af

cve.org (CVE-2023-26140)

nvd.nist.gov (CVE-2023-26140)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-26140

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.