A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting (XSS) in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access to the __proto__ or constructor properties and the Object prototype. By leveraging an embedded gadget like jQuery, an attacker who convinces a victim to visit a specially crafted link could achieve arbitrary javascript execution in the context of the user's browser.
References
Link | Resource |
---|---|
https://www.tenable.com/security/research/tra-2023-18 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: tenable
Published: 2023-05-08T00:00:00
Updated: 2023-05-08T00:00:00
Reserved: 2023-05-08T00:00:00
Link: CVE-2023-2582
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-05-08T21:15:11.150
Modified: 2023-05-15T17:53:18.677
Link: CVE-2023-2582
JSON object: View
Redhat Information
No data.
CWE