CVE-2023-24811 — HIGH (7.1)

Q: How severe is CVE-2023-24811?

CVE-2023-24811 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-24811?

Check the references section above for vendor advisories and patch information. Affected products include: Misskey Misskey.

Vulnerability Description

Misskey is an open source, decentralized social media platform. In versions prior to 13.3.2 the URL preview function is subject to a cross site scripting vulnerability due to insufficient URL validation. Arbitrary JavaScript is executed when a malicious URL is loaded in the `View in Player` or `View in Window` preview. This has been fixed in version 13.3.2. Users are advised to upgrade. Users unable to upgrade should avoid usage of the `View in Player` or `View in Window` functions.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Misskey	Misskey	< 13.3.2

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2023-24811?

CVE-2023-24811 is a vulnerability with a CVSS score of 7.1 (HIGH). Misskey is an open source, decentralized social media platform. In versions prior to 13.3.2 the URL preview function is subject to a cross site scripting vulnerability due to insufficient URL validati...

How severe is CVE-2023-24811?

CVE-2023-24811 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-24811?

Check the references section above for vendor advisories and patch information. Affected products include: Misskey Misskey.