CVE-2023-42808

Source
https://cve.org/CVERecord?id=CVE-2023-42808
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-42808.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-42808
Published
2023-10-04T19:11:22.906Z
Modified
2026-04-10T05:04:47.382698Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Common Voice Cross-site Scripting vulnerability
Details

Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. Version 1.88.2 is vulnerable to reflected Cross-Site Scripting given that user-controlled data flows to a path expression (path of a network request). This issue may lead to reflected Cross-Site Scripting (XSS) in the context of Common Voice’s server origin. As of time of publication, it is unknown whether any patches or workarounds exist.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/42xxx/CVE-2023-42808.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Git / github.com/common-voice/common-voice

Affected ranges

Type
GIT
Repo
https://github.com/common-voice/common-voice
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.88.2"
        }
    ]
}

Affected versions

Other
4db8fb386
dev-v1.*
dev-v1.23.0-test-master
dev-v1.23.0-test-master-1
release-v1.*
release-v1.26.0
release-v1.27.0
release-v1.27.1
release-v1.27.2
release-v1.28.0
release-v1.28.1-redirect-hotfix
release-v1.29.0
release-v1.30.0
release-v1.30.1-fxvoice-link
release-v1.30.2-null-clip-locales
release-v1.31.0
release-v1.32.0
release-v1.33.0
release-v1.33.1-rw-sentences
release-v1.34.1-ga-hash
release-v1.35.0
release-v1.35.1-lg-contributable
release-v1.35.2-rc1-lg-pontoon
release-v1.39.3
release-v1.39.4-rc1
release-v1.39.5
release-v1.40.0
release-v1.40.1
release-v1.41.0
release-v1.42.0
release-v1.43.0
release-v1.44.0
release-v1.46.0
release-v1.47.0
release-v1.47.1-cinchy-hotfix
release-v1.48.0
release-v1.56.0
release-v1.56.1
release-v1.56.2
release-v1.57.0
release-v1.58.0
release-v1.62.0
release-v1.63.0
release-v1.63.1
release-v1.64.0
release-v1.65.0
release-v1.65.1
release-v1.66.3
release-v1.67.3
release-v1.69.0
release-v1.69.1
release-v1.69.2
release-v1.70.0
release-v1.71.0
release-v1.72.1
release-v1.73.1
release-v1.73.2
release-v1.73.3
release-v1.73.4
release-v1.74.0
release-v1.74.1
release-v1.75.0
release-v1.75.1
release-v1.76.0
release-v1.76.1
release-v1.76.2
release-v1.77.0
release-v1.78.0
release-v1.79.0
release-v1.80.0
release-v1.81.0
release-v1.81.1
release-v1.81.2
release-v1.81.3
release-v1.82.1
release-v1.83.0
release-v1.84.0
release-v1.85.0
release-v1.86.0
release-v1.86.1
release-v1.86.2
release-v1.87.0
release-v1.87.1
release-v1.87.2
release-v1.88.0
release-v1.88.1
release-v1.88.2
sandbox-v0.*
sandbox-v0.0.1
sandbox-v0.0.2
sandbox-v0.0.3
sandbox-v0.0.4
sandbox-v0.0.5
stage-v1.*
stage-v1.23-k8s-stage
stage-v1.24.0-rc1
stage-v1.26.0-rc1
stage-v1.27.0-rc1
stage-v1.27.1-rc1
stage-v1.30.0-rc2
stage-v1.31.0-rc1
stage-v1.31.0-rc2
stage-v1.32.0-rc1
stage-v1.33.0-rc1
stage-v1.33.0-rc2
stage-v1.33.0-rc3
stage-v1.34.1-rc1
stage-v1.35.0-rc0-rs-metadata-test
stage-v1.35.0-rc1
stage-v1.35.0-rc2-lg-contributable
stage-v1.35.2-rc1-lg-pontoon
stage-v1.36.0-rc0-metadata-prerelease
stage-v1.37.0-rc1
stage-v1.37.0-rc2
stage-v1.39.3-rc1
stage-v1.39.5-rc1
stage-v1.40.0-rc1
stage-v1.41.0-rc1
stage-v1.41.0-rc3
stage-v1.42.0-rc1
stage-v1.43.0-rc1
stage-v1.44.0-rc1
stage-v1.45.0-rc1
stage-v1.46.0-rc1
stage-v1.47.0-rc1
stage-v1.47.0-rc2
stage-v1.48.0-rc1
stage-v1.49.0-rc1
stage-v1.49.0-rc2
stage-v1.54.1-rc2
stage-v1.56.0-rc1
stage-v1.56.1-rc1
stage-v1.56.1-rc2
stage-v1.57.0-rc1
stage-v1.58.0-rc1
stage-v1.58.0-rc2
stage-v1.62.0-rc1
stage-v1.63.0-rc1
stage-v1.63.1-rc1
stage-v1.64.0-rc2
stage-v1.65.0-rc1
stage-v1.65.0-rc2
stage-v1.65.0-rc3
staging-v0.*
staging-v0.0.1
staging-v0.0.2
staging-v0.0.3
staging-v1.*
staging-v1.23.0-master-test-1
staging-v1.23.0-master-test-2
staging-v1.23.0-ssm-fix
staging-v1.24.0-dataset-lang-switch
staging-v22.*
staging-v22.0-rc1
v1.*
v1.22.0
v1.23.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-42808.json"

Git / github.com/mozilla/common-voice

Affected ranges

Type
GIT
Repo
https://github.com/mozilla/common-voice
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.88.2"
        }
    ]
}

Affected versions

Other
4db8fb386
dev-v1.*
dev-v1.23.0-test-master
dev-v1.23.0-test-master-1
release-v1.*
release-v1.26.0
release-v1.27.0
release-v1.27.1
release-v1.27.2
release-v1.28.0
release-v1.28.1-redirect-hotfix
release-v1.29.0
release-v1.30.0
release-v1.30.1-fxvoice-link
release-v1.30.2-null-clip-locales
release-v1.31.0
release-v1.32.0
release-v1.33.0
release-v1.33.1-rw-sentences
release-v1.34.1-ga-hash
release-v1.35.0
release-v1.35.1-lg-contributable
release-v1.35.2-rc1-lg-pontoon
release-v1.39.3
release-v1.39.4-rc1
release-v1.39.5
release-v1.40.0
release-v1.40.1
release-v1.41.0
release-v1.42.0
release-v1.43.0
release-v1.44.0
release-v1.46.0
release-v1.47.0
release-v1.47.1-cinchy-hotfix
release-v1.48.0
release-v1.56.0
release-v1.56.1
release-v1.56.2
release-v1.57.0
release-v1.58.0
release-v1.62.0
release-v1.63.0
release-v1.63.1
release-v1.64.0
release-v1.65.0
release-v1.65.1
release-v1.66.3
release-v1.67.3
release-v1.69.0
release-v1.69.1
release-v1.69.2
release-v1.70.0
release-v1.71.0
release-v1.72.1
release-v1.73.1
release-v1.73.2
release-v1.73.3
release-v1.73.4
release-v1.74.0
release-v1.74.1
release-v1.75.0
release-v1.75.1
release-v1.76.0
release-v1.76.1
release-v1.76.2
release-v1.77.0
release-v1.78.0
release-v1.79.0
release-v1.80.0
release-v1.81.0
release-v1.81.1
release-v1.81.2
release-v1.81.3
release-v1.82.1
release-v1.83.0
release-v1.84.0
release-v1.85.0
release-v1.86.0
release-v1.86.1
release-v1.86.2
release-v1.87.0
release-v1.87.1
release-v1.87.2
release-v1.88.0
release-v1.88.1
release-v1.88.2
sandbox-v0.*
sandbox-v0.0.1
sandbox-v0.0.2
sandbox-v0.0.3
sandbox-v0.0.4
sandbox-v0.0.5
stage-v1.*
stage-v1.23-k8s-stage
stage-v1.24.0-rc1
stage-v1.26.0-rc1
stage-v1.27.0-rc1
stage-v1.27.1-rc1
stage-v1.30.0-rc2
stage-v1.31.0-rc1
stage-v1.31.0-rc2
stage-v1.32.0-rc1
stage-v1.33.0-rc1
stage-v1.33.0-rc2
stage-v1.33.0-rc3
stage-v1.34.1-rc1
stage-v1.35.0-rc0-rs-metadata-test
stage-v1.35.0-rc1
stage-v1.35.0-rc2-lg-contributable
stage-v1.35.2-rc1-lg-pontoon
stage-v1.36.0-rc0-metadata-prerelease
stage-v1.37.0-rc1
stage-v1.37.0-rc2
stage-v1.39.3-rc1
stage-v1.39.5-rc1
stage-v1.40.0-rc1
stage-v1.41.0-rc1
stage-v1.41.0-rc3
stage-v1.42.0-rc1
stage-v1.43.0-rc1
stage-v1.44.0-rc1
stage-v1.45.0-rc1
stage-v1.46.0-rc1
stage-v1.47.0-rc1
stage-v1.47.0-rc2
stage-v1.48.0-rc1
stage-v1.49.0-rc1
stage-v1.49.0-rc2
stage-v1.54.1-rc2
stage-v1.56.0-rc1
stage-v1.56.1-rc1
stage-v1.56.1-rc2
stage-v1.57.0-rc1
stage-v1.58.0-rc1
stage-v1.58.0-rc2
stage-v1.62.0-rc1
stage-v1.63.0-rc1
stage-v1.63.1-rc1
stage-v1.64.0-rc2
stage-v1.65.0-rc1
stage-v1.65.0-rc2
stage-v1.65.0-rc3
staging-v0.*
staging-v0.0.1
staging-v0.0.2
staging-v0.0.3
staging-v1.*
staging-v1.23.0-master-test-1
staging-v1.23.0-master-test-2
staging-v1.23.0-ssm-fix
staging-v1.24.0-dataset-lang-switch
staging-v22.*
staging-v22.0-rc1
v1.*
v1.22.0
v1.23.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-42808.json"