We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-26140



Description

Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerable to Cross-site Scripting (XSS) via embedded links in whiteboard objects due to improper input sanitization.

Reserved 2023-02-20 | Published 2023-08-16 | Updated 2024-10-02 | Assigner snyk


MEDIUM: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P

Problem types

Cross-site Scripting (XSS)

Credits

Eugene Lim

The MOps Team

References

security.snyk.io/vuln/SNYK-JS-EXCALIDRAWEXCALIDRAW-5841658

github.com/excalidraw/excalidraw/pull/6728

github.com/...ommit/b33fa6d6f64d27adc3a47b25c0aa55711740d0af

cve.org (CVE-2023-26140)

nvd.nist.gov (CVE-2023-26140)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-26140

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.

© Copyright 2024 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.