CVE-2023-3294 HIGH

CVE-2023-3294: Cross-site Scripting (XSS) - DOM in saleor/react-storefront

Vendor Saleor
Product saleor/react-storefront
Weakness CWE-79 · XSS
Published June 16, 2023
Last update December 17, 2024

CVSS base score

7.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7.

Key dates

02Disclosure timeline

June 16, 2023 CVE published
December 17, 2024 Record updated