What is CVE-2023-42808?

CVE-2023-42808 is a vulnerability in Mozilla Common Voice version 1.88.2 that allows for reflected Cross-Site Scripting.

How severe is CVE-2023-42808?

CVE-2023-42808 has a severity level of medium with a CVSS score of 6.1.

How does CVE-2023-42808 affect Mozilla Common Voice?

CVE-2023-42808 affects Mozilla Common Voice version 1.88.2 by allowing user-controlled data to flow to a vulnerable path, leading to reflected Cross-Site Scripting.

What is Cross-Site Scripting (XSS)?

Cross-Site Scripting (XSS) is a type of security vulnerability where an attacker injects malicious scripts into a trusted website, which are then executed by the victim's browser.

How can I fix CVE-2023-42808 in Mozilla Common Voice 1.88.2?

To fix CVE-2023-42808 in Mozilla Common Voice 1.88.2, it is recommended to apply the latest security patches or updates provided by Mozilla and ensure proper validation and sanitization of user-controlled data to prevent Cross-Site Scripting vulnerabilities.

Vulnerability/
CVE-2023-42808

medium

6.1

CWE

4/10/2023

19/9/2024

CVE-2023-42808: Common Voice Cross-site Scripting vulnerability

First published: Wed Oct 04 2023(Updated: )

Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. Version 1.88.2 is vulnerable to reflected Cross-Site Scripting given that user-controlled data flows to a path expression (path of a network request). This issue may lead to reflected Cross-Site Scripting (XSS) in the context of Common Voice’s server origin. As of time of publication, it is unknown whether any patches or workarounds exist.

Credit: security-advisories@github.com security-advisories@github.com

Affected Software	Affected Version	How to fix
Mozilla Common Voice	=1.88.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-42808?
CVE-2023-42808 is a vulnerability in Mozilla Common Voice version 1.88.2 that allows for reflected Cross-Site Scripting.
How severe is CVE-2023-42808?
CVE-2023-42808 has a severity level of medium with a CVSS score of 6.1.
How does CVE-2023-42808 affect Mozilla Common Voice?
CVE-2023-42808 affects Mozilla Common Voice version 1.88.2 by allowing user-controlled data to flow to a vulnerable path, leading to reflected Cross-Site Scripting.
What is Cross-Site Scripting (XSS)?
Cross-Site Scripting (XSS) is a type of security vulnerability where an attacker injects malicious scripts into a trusted website, which are then executed by the victim's browser.
How can I fix CVE-2023-42808 in Mozilla Common Voice 1.88.2?
To fix CVE-2023-42808 in Mozilla Common Voice 1.88.2, it is recommended to apply the latest security patches or updates provided by Mozilla and ensure proper validation and sanitization of user-controlled data to prevent Cross-Site Scripting vulnerabilities.

collector/nvd-api
collector/nvd-index
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/weakness
agent/title
agent/severity
agent/last-modified-date
agent/tags
agent/description
agent/event
agent/first-publish-date
vendor/mozilla
canonical/mozilla common voice
version/mozilla common voice/1.88.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.