Vulnerability Details CVE-2023-32325
PostHog-js is a library to interface with the PostHog analytics tool. Versions prior to 1.57.2 have the potential for cross-site scripting. Problem has been patched in 1.57.2. Users are advised to upgrade. Users unable to upgrade should ensure that their Content Security Policy is in place.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.7%
CVSS Severity
CVSS v3 Score 5.4
References
- https://github.com/PostHog/posthog-js/commit/67e07eb8bb271a3a6f4aa251382e4d25abb385a0
- https://github.com/PostHog/posthog-js/security/advisories/GHSA-8775-5hwv-wr6v
- https://github.com/PostHog/posthog-js/commit/67e07eb8bb271a3a6f4aa251382e4d25abb385a0
- https://github.com/PostHog/posthog-js/security/advisories/GHSA-8775-5hwv-wr6v
Products affected by CVE-2023-32325
-
cpe:2.3:a:posthog:posthog-js:*