Description
Potential for cross-site scripting in posthog-js.
Recommendation
Update the posthog-js package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.57.2
- Patched version(s): 1.57.2
References
Related Issues
- Cross-Site-Scripting attack on `<RichTextField>` (GHSA-5jcr-82fh-339v) - CVE-2023-25572
- Vega Expression Language `scale` expression function Cross Site Scripting (GHSA-4vq7-882g-wcg4) - CVE-2023-26486
- Vega Expression Language `scale` expression function Cross Site Scripting - CVE-2023-26486
- Vega has Cross-site Scripting vulnerability in `lassoAppend` function (GHSA-w5m3-xh75-mp55) - CVE-2023-26487
- Tags:
- npm
- posthog-js
Anything's wrong? Let us know Last updated on November 12, 2023