CVE-2023-32325
Potential for cross-site scripting in PostHog-js in npm/posthog-js
Identifiers
GHSA-8775-5hwv-wr6v, CVE-2023-32325
Package Slug
npm/posthog-js
Vulnerability
Potential for cross-site scripting in PostHog-js
Description
Impact
Potential for cross-site scripting in posthog-js.
Patches
The problem has been patched in posthog-js version 1.57.2.
Workarounds
- This isn't an issue for sites that have a Content Security Policy in place.
- Using the HTML tracking snippet on PostHog Cloud always guarantees the latest version of the library – in that case no action is required to upgrade to the patched version.
References
We will publish details of the vulnerability in 30 days as per our security policy.
Affected Versions
All versions before 1.57.2
Solution
Upgrade to version 1.57.2 or above.
Last Modified
2023-05-23
| source |