Moderate severityNVD Advisory· Published Aug 21, 2023· Updated Sep 27, 2024

XSS in Chrome Lab Critters

CVE-2023-3481

Description

Critters versions 0.0.17-0.0.19 have an issue when parsing the HTML, which leads to a potential cross-site scripting (XSS) bug. We recommend upgrading to version 0.0.20 of the extension.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
crittersnpm	>= 0.0.17, < 0.0.20	0.0.20

Affected products

ghsa-coords
pkg:npm/critters
Range: >= 0.0.17, < 0.0.20
Google/Crittersv5
Range: 0.0.17

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-cx3j-qqxj-9597ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-3481ghsaADVISORY
github.com/GoogleChromeLabs/critters/commit/7757902c9e0b3285d516359b3cb602cd9d50d80eghsaWEB
github.com/GoogleChromeLabs/critters/pull/133ghsaWEB
github.com/GoogleChromeLabs/critters/security/advisories/GHSA-cx3j-qqxj-9597ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000