CVE-2023-26140

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 16, 2023
Updated: Nov 7, 2023
CWE ID 79

Summary

CVE-2023-26140 is a Cross-site Scripting (XSS) vulnerability affecting versions of the @excalidraw/excalidraw package. Malicious scripts can be injected into whiteboard objects through embedded links due to insufficient input sanitization. Successful exploitation of this vulnerability could lead to unintended execution of malicious code in users' browsers, potentially compromising their data or sessions. Users are advised to update to the latest package version or implement input validation measures to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share