CVE-2023-1767 PoC — Snyk Advisor 跨站脚本漏洞

Source

https://github.com/weizman/CVE-2023-1767

Associated Vulnerability

Title:Snyk Advisor 跨站脚本漏洞 (CVE-2023-1767)
Description:Snyk Advisor是Snyk公司的一个多平台软件包分发平台。 Snyk Advisor存在安全漏洞，该漏洞源于在README 文件的HTML标签中存在存储型跨站脚本（XSS）漏洞。

Readme

# Stored XSS `snyk.io` Discovery (19/03/23)

## [CVE-2023-1767](https://nvd.nist.gov/vuln/detail/CVE-2023-1767)

## [Responsible Vulnerability Disclosure Report](./report/)

## [Vulnerability blog post coverage](https://weizman.github.io/2023/04/10/snyk-xss/)

## [Exploit PoC](./demo/)

File Snapshot


 [4.0K]  /data/pocs/3b076060f6137a730a408d7ad3b8503905ccc527
├── [4.0K]  demo
│   ├── [4.0K]  png2jpg
│   │   ├── [  45]  index.js
│   │   ├── [ 373]  package.json
│   │   └── [ 467]  README.md
│   └── [ 81K]  README.md
├── [ 287]  README.md
└── [4.0K]  report
    ├── [4.4K]  README.md
    └── [173K]  snyk-io-advisor-npm-package-png2jpg.html

3 directories, 7 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!