CVE-2024-32472: Stored Cross-site Scripting (XSS) in excalidraw's web embed component
A stored XSS vulnerability in Excalidraw’s web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted.
References
- github.com/advisories/GHSA-m64q-4jqh-f72f
- github.com/excalidraw/excalidraw
- github.com/excalidraw/excalidraw/commit/6be752e1b6d776ccfbd3bb9eea17463cb264121d
- github.com/excalidraw/excalidraw/commit/988f81911ca58e3ca2583e0dd44a954dd00e09d0
- github.com/excalidraw/excalidraw/security/advisories/GHSA-m64q-4jqh-f72f
- nvd.nist.gov/vuln/detail/CVE-2024-32472
Code Behaviors & Features
Detect and mitigate CVE-2024-32472 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →