CVE-2023-1767
CVSS V2 None
CVSS V3 None
Description
The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. A feature of Snyk Advisor is to display the contents of a scanned package's Readme on its package health page. An attacker could create a package in NPM with an associated markdown README file containing XSS-able HTML tags. Upon Snyk Advisor importing the package, the XSS would run each time an end user browsed to the package's page on Snyk Advisor.
Overview
- CVE ID: CVE-2023-1767
- Assigner: report@snyk.io
- Vulnerability Status: Undergoing Analysis
- Published Version: 2023-04-20T10:15:07
- Last Modified Date: 2023-04-20T13:15:05
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://support.snyk.io/hc/en-us/articles/10146704933405 | |
https://weizman.github.io/2023/04/10/snyk-xss/ | |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-1767 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1767 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2023-04-20 11:00:48 | | | | Added to TrackCVE |
2023-04-20 11:00:49 | | | Weakness Enumeration | new |
2023-04-20 14:02:16 | | 2023-04-20T13:15:05 | CVE Modified Date | updated |
2023-04-20 14:02:16 | Received | Awaiting Analysis | Vulnerability Status | updated |
2023-04-27 13:00:51 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated |