Vulnerability Details CVE-2023-26140
Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerable to Cross-site Scripting (XSS) via embedded links in whiteboard objects due to improper input sanitization.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.2%
CVSS Severity
CVSS v3 Score 6.1
References
- https://github.com/excalidraw/excalidraw/commit/b33fa6d6f64d27adc3a47b25c0aa55711740d0af
- https://github.com/excalidraw/excalidraw/pull/6728
- https://security.snyk.io/vuln/SNYK-JS-EXCALIDRAWEXCALIDRAW-5841658
- https://github.com/excalidraw/excalidraw/commit/b33fa6d6f64d27adc3a47b25c0aa55711740d0af
- https://github.com/excalidraw/excalidraw/pull/6728
- https://security.snyk.io/vuln/SNYK-JS-EXCALIDRAWEXCALIDRAW-5841658
Products affected by CVE-2023-26140
-
cpe:2.3:a:excalidraw:excalidraw:-
-
cpe:2.3:a:excalidraw:excalidraw:0.10.0
-
cpe:2.3:a:excalidraw:excalidraw:0.11.0
-
cpe:2.3:a:excalidraw:excalidraw:0.12.0
-
cpe:2.3:a:excalidraw:excalidraw:0.13.0
-
cpe:2.3:a:excalidraw:excalidraw:0.14.0
-
cpe:2.3:a:excalidraw:excalidraw:0.14.1
-
cpe:2.3:a:excalidraw:excalidraw:0.14.2
-
cpe:2.3:a:excalidraw:excalidraw:0.15.0
-
cpe:2.3:a:excalidraw:excalidraw:0.9.0