Unrated severityNVD Advisory· Published Oct 4, 2023· Updated Sep 19, 2024
Common Voice Cross-site Scripting vulnerability
CVE-2023-42808
Description
Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. Version 1.88.2 is vulnerable to reflected Cross-Site Scripting given that user-controlled data flows to a path expression (path of a network request). This issue may lead to reflected Cross-Site Scripting (XSS) in the context of Common Voice’s server origin. As of time of publication, it is unknown whether any patches or workarounds exist.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2= 1.88.2+ 1 more
- (no CPE)range: = 1.88.2
- (no CPE)range: <= 1.88.2
Patches
Vulnerability mechanics
References
3- github.com/mozilla/common-voice/blob/9d6ffd755e29b81918b86b9f5218b9c27d9c1c1a/server/src/fetch-legal-document.tsmitrex_refsource_MISC
- github.com/mozilla/common-voice/blob/9d6ffd755e29b81918b86b9f5218b9c27d9c1c1a/server/src/server.tsmitrex_refsource_MISC
- securitylab.github.com/advisories/GHSL-2023-026_Common_Voice/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.