CVE-2023-1767

CVSS V2: None
CVSS V3: None
Description
The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. A feature of Snyk Advisor is to display the contents of a scanned package's README on its package health page. An attacker could create a package in npm with an associated markdown README file containing XSS-able HTML tags. Upon Snyk Advisor importing the package, the XSS would run each time an end user browsed to the package's page on Snyk Advisor.
Overview
  • CVE ID: CVE-2023-1767
  • Assigner: report@snyk.io
  • Vulnerability Status: Undergoing Analysis
  • Published Version: 2023-04-20T10:15:07
  • Last Modified Date: 2023-04-20T13:15:05
History
Created | Old Value | New Value | Data Type | Notes
2023-04-20 11:00:48 | - | - | - | Added to TrackCVE
2023-04-20 11:00:49 | - | - | Weakness Enumeration | new
2023-04-20 14:02:16 | - | 2023-04-20T13:15:05 | CVE Modified Date | updated
2023-04-20 14:02:16 | Received | Awaiting Analysis | Vulnerability Status | updated
2023-04-27 13:00:51 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated