CVE-2023-25154

Source
https://cve.org/CVERecord?id=CVE-2023-25154
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25154.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-25154
Aliases
  • GHSA-pfp5-r48x-fg25
Published
2023-02-22T19:00:25.905Z
Modified
2026-07-15T01:48:56.783400434Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L CVSS Calculator
Summary
Cross site scripting (XSS) of ActivityPub URI in misskey
Details

Misskey is an open source, decentralized social media platform. In versions prior to 13.5.0 the link to the instance to the sender that appears when viewing a user or note received through ActivityPub is not properly validated, so by inserting a URL with a javascript scheme an attacker may execute JavaScript code in the context of the recipient. This issue has been fixed in version 13.5.0. Users are advised to upgrade. Users unable to upgrade should not "view on remote" for untrusted instances.

Database specific
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/25xxx/CVE-2023-25154.json",
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Git / github.com/misskey-dev/misskey

Affected ranges

Type
GIT
Repo
https://github.com/misskey-dev/misskey
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:misskey:misskey:*:*:*:*:*:*:*:*",
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "13.5.0"
        }
    ]
}

Affected versions

0.*
0.0.5018
0.0.5023
0.0.5030
0.0.5042
0.0.5051
0.0.5064
0.0.5074
0.0.5089
1.*
1.0.0
1.1.0
1.2.0
1.3.0
1.4.0
1.5.0
1.6.0
1.7.0
10.*
10.0.0
10.1.0
10.10.0
10.10.1
10.11.0
10.11.1
10.12.0
10.12.1
10.13.0
10.14.0
10.15.0
10.16.0
10.17.0
10.18.0
10.19.0
10.2.0
10.2.1
10.20.0
10.21.0
10.21.1
10.21.2
10.21.3
10.22.0
10.22.1
10.23.0
10.23.1
10.24.0
10.25.0
10.26.0
10.27.0
10.28.0
10.29.0
10.29.1
10.3.0
10.30.0
10.30.1
10.30.2
10.30.3
10.31.0
10.32.0
10.33.0
10.34.0
10.35.0
10.35.1
10.36.0
10.36.1
10.37.0
10.38.0
10.38.1
10.38.2
10.38.3
10.38.4
10.38.5
10.38.6
10.38.7
10.38.8
10.39.0
10.39.1
10.4.0
10.40.0
10.40.1
10.41.0
10.42.0
10.42.2
10.43.0
10.43.1
10.44.0
10.44.1
10.44.2
10.45.0
10.46.0
10.46.1
10.46.2
10.47.0
10.48.0
10.48.1
10.49.0
10.49.1
10.49.2
10.49.3
10.49.4
10.49.5
10.49.6
10.49.7
10.5.0
10.50.0
10.51.0
10.51.1
10.51.2
10.52.0
10.53.0
10.54.0
10.55.0
10.56.0
10.56.1
10.56.2
10.57.0
10.57.1
10.57.2
10.57.3
10.58.0
10.58.1
10.58.2
10.59.0
10.59.1
10.59.2
10.59.3
10.59.4
10.6.0
10.60.0
10.60.1
10.60.2
10.60.3
10.60.4
10.61.0
10.62.0
10.62.1
10.62.2
10.63.0
10.63.1
10.64.0
10.64.1
10.64.2
10.65.0
10.66.0
10.66.1
10.66.2
10.67.0
10.68.0
10.69.0
10.7.0
10.7.1
10.7.2
10.70.0
10.70.1
10.71.0
10.72.0
10.73.0
10.74.0
10.75.0
10.76.0
10.77.0
10.78.0
10.78.1
10.78.2
10.78.3
10.78.4
10.78.5
10.79.0
10.79.1
10.8.0
10.80.0
10.81.0
10.82.0
10.82.1
10.82.2
10.82.3
10.82.4
10.83.0
10.84.0
10.84.1
10.84.2
10.85.0
10.85.1
10.85.2
10.86.0
10.86.1
10.86.2
10.87.0
10.87.1
10.87.2
10.87.3
10.87.4
10.87.5
10.88.0
10.89.0
10.89.1
10.9.0
10.9.1
10.9.2
10.90.0
10.90.1
10.90.2
10.90.3
10.90.4
10.91.0
10.91.1
10.91.2
10.92.0
10.92.1
10.92.2
10.92.3
10.92.4
10.93.0
10.93.1
10.94.0
10.95.0
10.96.0
10.97.0
10.97.1
10.97.2
10.98.0
10.98.1
10.98.2
10.98.3
10.99.0
11.*
11.0.0-alpha.1
11.0.0-alpha.10
11.0.0-alpha.2
11.0.0-alpha.3
11.0.0-alpha.4
11.0.0-alpha.5
11.0.0-alpha.6
11.0.0-alpha.7
11.0.0-alpha.8
11.0.0-beta.1
11.0.0-beta.10
11.0.0-beta.11
11.0.0-beta.12
11.0.0-beta.13
11.0.0-beta.14
11.0.0-beta.15
11.0.0-beta.16
11.0.0-beta.2
11.0.0-beta.3
11.0.0-beta.4
11.0.0-beta.5
11.0.0-beta.6
11.0.0-beta.7
11.0.0-beta.8
11.0.0-beta.9
11.26.1
11.26.2
11.27.0
11.27.1
11.28.0
11.28.1
11.28.2
11.29.0
11.30.0
11.31.0
11.31.1
11.31.2
11.31.3
11.31.4
11.32.0
11.33.0
11.34.0
11.35.0
11.35.1
11.36.0
11.37.0
11.37.1
12.*
12.0.0
12.1.0
12.10.0
12.100.0
12.100.1
12.100.2
12.101.0
12.101.1
12.102.0
12.102.1
12.103.0
12.103.1
12.104.0
12.105.0
12.106.0
12.106.1
12.106.2
12.106.3
12.107.0
12.108.0
12.108.1
12.109.0
12.109.1
12.109.2
12.11.0
12.110.0
12.110.1
12.111.0
12.111.1
12.112.0
12.112.1
12.112.2
12.112.3
12.113.0
12.114.0
12.115.0
12.116.0
12.116.1
12.117.0
12.117.1
12.118.0
12.118.1
12.119.0
12.119.1
12.12.0
12.13.0
12.14.0
12.15.0
12.16.0
12.17.0
12.18.0
12.18.1
12.19.0
12.2.0
12.20.0
12.21.0
12.29.0
12.3.0
12.30.0
12.31.0
12.32.0
12.33.0
12.34.0
12.35.0
12.35.1
12.35.2
12.36.0
12.36.1
12.37.0
12.38.0
12.38.1
12.39.0
12.39.1
12.4.0
12.4.1
12.40.0
12.41.0
12.41.1
12.41.2
12.41.3
12.42.0
12.43.0
12.44.0
12.44.1
12.45.0
12.45.1
12.46.0
12.47.0
12.47.1
12.48.0
12.48.1
12.48.2
12.48.3
12.49.0
12.49.1
12.5.0
12.50.0
12.51.0
12.52.0
12.53.0
12.54.0
12.55.0
12.56.0
12.57.0
12.57.1
12.57.4
12.58.0
12.59.0
12.6.0
12.60.0
12.60.1
12.61.0
12.61.1
12.62.0
12.62.1
12.62.2
12.63.0
12.64.0
12.64.1
12.64.2
12.65.0
12.65.1
12.65.2
12.65.3
12.65.4
12.65.5
12.65.6
12.65.7
12.66.0
12.67.0
12.67.1
12.68.0
12.69.0
12.7.0
12.7.1
12.70.0
12.71.0
12.72.0
12.73.0
12.74.0
12.74.1
12.75.0
12.75.1
12.76.0
12.76.1
12.77.0
12.77.1
12.78.0
12.79.0
12.79.1
12.79.2
12.79.3
12.8.0
12.80.0
12.80.1
12.80.2
12.80.3
12.81.0
12.81.1
12.81.2
12.82.0
12.83.0
12.84.0
12.84.1
12.84.2
12.84.3
12.85.0
12.85.1
12.86.0
12.87.0
12.88.0
12.89.0
12.89.1
12.89.2
12.9.0
12.90.0
12.90.1
12.91.0
12.92.0
12.93.0
12.93.1
12.93.2
12.94.0
12.94.1
12.95.0
12.96.0
12.96.1
12.97.0
12.97.1
12.98.0
12.99.0
12.99.1
12.99.2
12.99.3
13.*
13.0.0
13.1.0
13.1.1
13.1.2
13.1.3
13.1.4
13.1.5
13.1.6
13.1.7
13.1.8
13.2.0
13.2.1
13.2.2
13.2.3
13.2.4
13.2.5
13.2.6
13.3.0
13.3.1
13.3.2
13.3.3
13.3.4
13.4.0
2.*
2.0.0
2.1.1
2.1.2
2.1.3
2.1.4
2.10.0
2.10.1
2.11.0
2.12.0
2.13.0
2.14.0
2.15.0
2.16.0
2.16.1
2.16.2
2.16.3
2.16.4
2.16.5
2.16.6
2.16.7
2.16.8
2.17.0
2.18.0
2.18.2
2.19.0
2.2.0
2.20.0
2.20.1
2.21.0
2.21.1
2.22.0
2.22.1
2.22.2
2.22.3
2.23.0
2.24.0
2.24.1
2.24.2
2.25.1
2.25.2
2.27.3
2.29.0
2.29.1
2.3.0
2.3.1
2.30.0
2.30.1
2.31.0
2.32.0
2.33.0
2.33.1
2.34.0
2.34.1
2.34.3
2.35.1
2.35.2
2.35.3
2.36.1
2.37.1
2.37.2
2.37.3
2.37.4
2.37.5
2.37.6
2.37.7
2.38.2
2.38.3
2.4.0
2.40.0
2.40.1
2.41.1
2.42.0
2.5.0
2.6.2
2.7.1
2.9.0
2.9.1
3.*
3.0.1
3.1.0
3.1.1
4.*
4.10.0
4.11.0
4.12.0
4.13.0
4.14.0
4.15.0
4.17.1
4.19.1
4.2.0
4.20.0
4.22.1
4.23.1
4.24.1
4.25.0
4.26.0
4.3.0
4.3.1
4.5.0
4.7.0
4.7.1
4.9.0
5.*
5.0.0
5.1.0
5.10.0
5.11.0
5.12.0
5.13.0
5.13.1
5.13.2
5.14.0
5.15.0
5.16.0
5.17.0
5.18.0
5.19.0
5.20.0
5.20.1
5.21.0
5.22.0
5.22.1
5.23.0
5.23.1
5.23.2
5.24.0
5.24.1
5.25.0
5.3.0
5.4.0
5.5.0
5.6.1
5.6.2
6.*
6.0.0
6.0.1
6.0.2
6.1.0
6.2.0
6.3.0
6.4.0
6.4.1
7.*
7.0.0
7.0.2
7.1.0
7.1.1
7.1.2
7.2.0
7.3.0
8.*
8.17.0
8.18.0
8.19.0
8.19.1
8.20.0
8.21.0
8.23.0
8.24.0
8.25.0
8.26.0
8.27.0
8.28.0
8.28.1
8.29.0
8.30.0
8.31.0
8.32.0
8.33.0
8.34.0
8.34.1
8.34.2
8.34.3
8.34.4
8.35.0
8.36.0
8.37.0
8.38.0
8.39.0
8.40.0
8.41.0
8.42.0
8.43.0
8.44.0
8.44.1
8.45.0
8.45.1
8.46.0
8.47.0
8.48.0
8.49.0
8.5.1
8.50.0
8.51.0
8.52.0
8.53.0
8.54.0
8.55.0
8.56.0
8.57.0
8.57.1
8.58.0
8.59.0
8.60.0
8.61.0
8.62.0
8.63.0
8.64.0
9.*
9.0.0
9.1.0
9.2.0
9.3.0
9.3.1
9.4.0
9.5.0
9.6.0
9.7.0
9.7.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25154.json"