CVE-2023-42808

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-42808
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-42808.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-42808
Published
2023-10-04T19:11:22.906Z
Modified
2025-11-28T02:33:55.877812Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Common Voice Cross-site Scripting vulnerability
Details

Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. Version 1.88.2 is vulnerable to reflected Cross-Site Scripting given that user-controlled data flows to a path expression (path of a network request). This issue may lead to reflected Cross-Site Scripting (XSS) in the context of Common Voice’s server origin. As of time of publication, it is unknown whether any patches or workarounds exist.

Database specific
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/42xxx/CVE-2023-42808.json",
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Git / github.com/common-voice/common-voice

Affected ranges

Type
GIT
Repo
https://github.com/common-voice/common-voice
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

Other

4db8fb386

dev-v1.*

dev-v1.23.0-test-master
dev-v1.23.0-test-master-1

release-1.*

release-1.31.2

release-v1.*

release-v1.25.1
release-v1.26.0
release-v1.27.0
release-v1.27.1
release-v1.27.2
release-v1.28.0
release-v1.28.1-redirect-hotfix
release-v1.29.0
release-v1.30.0
release-v1.30.1-fxvoice-link
release-v1.30.2-null-clip-locales
release-v1.31.0
release-v1.32.0
release-v1.33.0
release-v1.33.1-rw-sentences
release-v1.34.0
release-v1.34.1-ga-hash
release-v1.34.3-singleword-update
release-v1.35.0
release-v1.35.1-lg-contributable
release-v1.35.2-rc1-lg-pontoon
release-v1.35.3-locales-only
release-v1.36.0
release-v1.36.1-migration-typo
release-v1.36.2-trigger-remigrate
release-v1.36.3
release-v1.36.4-clips-stats-fix
release-v1.37.0
release-v1.38.0
release-v1.38.1
release-v1.38.2
release-v1.38.3-activity-fixing
release-v1.38.3-sentences
release-v1.38.4
release-v1.39.0
release-v1.39.1
release-v1.39.2
release-v1.39.3
release-v1.39.4
release-v1.39.4-rc1
release-v1.39.5
release-v1.40.0
release-v1.40.1
release-v1.41.0
release-v1.42.0
release-v1.43.0
release-v1.43.1
release-v1.43.2-ba
release-v1.44.0
release-v1.45.0
release-v1.46.0
release-v1.47.0
release-v1.47.1-cinchy-hotfix
release-v1.48.0
release-v1.48.1-ffmpeg-logging-tweak
release-v1.48.2-fs-claim
release-v1.49.0
release-v1.50.0
release-v1.51.0
release-v1.52.0
release-v1.52.1
release-v1.53.0
release-v1.54.0
release-v1.55.0
release-v1.55.1
release-v1.56.0
release-v1.56.1
release-v1.56.2
release-v1.57.0
release-v1.58.0
release-v1.58.1
release-v1.59.0
release-v1.60.0
release-v1.61.0
release-v1.61.1
release-v1.62.0
release-v1.63.0
release-v1.63.1
release-v1.64.0
release-v1.65.0
release-v1.65.1
release-v1.65.2
release-v1.66.0
release-v1.66.1
release-v1.66.2
release-v1.66.3
release-v1.67.2
release-v1.67.3
release-v1.67.4
release-v1.67.5
release-v1.68.0
release-v1.69.0
release-v1.69.1
release-v1.69.2
release-v1.69.3
release-v1.69.4
release-v1.69.5
release-v1.70.0
release-v1.71.0
release-v1.72.1
release-v1.73.1
release-v1.73.2
release-v1.73.3
release-v1.73.3-rc1
release-v1.73.4
release-v1.74.0
release-v1.74.1
release-v1.75.0
release-v1.75.1
release-v1.76.0
release-v1.76.1
release-v1.76.2
release-v1.77.0
release-v1.78.0
release-v1.79.0
release-v1.80.0
release-v1.81.0
release-v1.81.1
release-v1.81.2
release-v1.81.3
release-v1.82.1
release-v1.83.0
release-v1.84.0
release-v1.85.0
release-v1.86.0
release-v1.86.1
release-v1.86.2
release-v1.87.0
release-v1.87.1
release-v1.87.2
release-v1.88.0
release-v1.88.1
release-v1.88.2

sandbox-v0.*

sandbox-v0.0.1
sandbox-v0.0.2
sandbox-v0.0.3
sandbox-v0.0.4
sandbox-v0.0.5

sandbox-v1.*

sandbox-v1.25.0-test-maint-mode
sandbox-v1.68.2-rc1

stage-1.*

stage-1.65.3

stage-v1.*

stage-v1.23-k8s-stage
stage-v1.24.0-rc1
stage-v1.26.0-rc1
stage-v1.27.0-rc1
stage-v1.27.1-rc1
stage-v1.27.1-rc2-segments
stage-v1.28.0-rc1
stage-v1.28.0-rc2
stage-v1.28.0-rc3
stage-v1.29.0-rc1
stage-v1.29.0-rc2
stage-v1.30.0-rc1
stage-v1.30.0-rc2
stage-v1.31.0-rc1
stage-v1.31.0-rc2
stage-v1.32.0-rc1
stage-v1.33.0-rc1
stage-v1.33.0-rc2
stage-v1.33.0-rc3
stage-v1.34.0-rc1
stage-v1.34.1-rc1
stage-v1.34.3-rc1
stage-v1.35.0-rc0-rs-metadata-test
stage-v1.35.0-rc1
stage-v1.35.0-rc2-lg-contributable
stage-v1.35.2-rc1-lg-pontoon
stage-v1.36.0-rc0-metadata-prerelease
stage-v1.36.0-rc1
stage-v1.36.0-rc2
stage-v1.36.0-rc3
stage-v1.36.0-rc4
stage-v1.37.0-rc1
stage-v1.37.0-rc2
stage-v1.38.0-rc1
stage-v1.38.4-rc1
stage-v1.39.0-rc1
stage-v1.39.0-rc2
stage-v1.39.0-rc3
stage-v1.39.0-rc4
stage-v1.39.3-rc1
stage-v1.39.5-rc1
stage-v1.40.0-rc1
stage-v1.41.0-rc1
stage-v1.41.0-rc3
stage-v1.42.0-rc1
stage-v1.43.0-rc1
stage-v1.43.1-rc1
stage-v1.43.2-rc1
stage-v1.43.2-rc2
stage-v1.44.0-rc1
stage-v1.45.0-rc1
stage-v1.45.0-rc2
stage-v1.45.0-rc3
stage-v1.45.0-rc4
stage-v1.46.0-rc1
stage-v1.47.0-rc1
stage-v1.47.0-rc2
stage-v1.48.0-rc1
stage-v1.49.0-rc1
stage-v1.49.0-rc2
stage-v1.50.0-rc1
stage-v1.50.0-rc2
stage-v1.51.0-rc1
stage-v1.52.0-rc1
stage-v1.52.1-rc1
stage-v1.53.0-rc1
stage-v1.54.0-rc1
stage-v1.54.1-rc1
stage-v1.54.1-rc2
stage-v1.55.0-rc1
stage-v1.56.0-rc1
stage-v1.56.1-rc1
stage-v1.56.1-rc2
stage-v1.57.0-rc1
stage-v1.58.0-rc1
stage-v1.58.0-rc2
stage-v1.58.1-rc1
stage-v1.59.0-rc1
stage-v1.61.0-rc1
stage-v1.61.1-rc1
stage-v1.62.0-rc1
stage-v1.63.0-rc1
stage-v1.63.1-rc1
stage-v1.64.0-rc2
stage-v1.65.0-rc1
stage-v1.65.0-rc2
stage-v1.65.0-rc3
stage-v1.65.1-rc1
stage-v1.65.3
stage-v1.65.3-rc1
stage-v1.65.3-rc2
stage-v1.66.1-rc1
stage-v1.66.2-rc1
stage-v1.67.0-rc1
stage-v1.67.0-rc2
stage-v1.67.0-rc3
stage-v1.67.1-rc1
stage-v1.67.1-rc2
stage-v1.67.2-rc1
stage-v1.67.4-rc1
stage-v1.67.5-rc1
stage-v1.68.0-rc1
stage-v1.68.0-rc2
stage-v1.69-rc1
stage-v1.69.0-rc1
stage-v1.69.1-rc1
stage-v1.69.2-rc1
stage-v1.69.4-rc1
stage-v1.69.5-rc1
stage-v1.69.5-rc2
stage-v1.70.0-rc1
stage-v1.70.0-rc2
stage-v1.71.0-rc2
stage-v1.72.0-rc1
stage-v1.72.0-rc2
stage-v1.72.0-rc3
stage-v1.72.0-rc4
stage-v1.72.0-rc5
stage-v1.72.1-rc1
stage-v1.73.0
stage-v1.73.2
stage-v1.73.3-rc1
stage-v1.73.4-rc1
stage-v1.74.0-rc1
stage-v1.74.1-rc1
stage-v1.75.0-rc1
stage-v1.75.1-rc1
stage-v1.76.0-rc1
stage-v1.76.1-rc1
stage-v1.77.0-rc1
stage-v1.78.0
stage-v1.78.0-rc1
stage-v1.78.0-rc2
stage-v1.78.0-rc3
stage-v1.79.0-rc1
stage-v1.79.0-rc2
stage-v1.79.0-rc3
stage-v1.80.0-rc1
stage-v1.81.0-rc1
stage-v1.81.1-rc1
stage-v1.81.1-rc2
stage-v1.81.2-rc1
stage-v1.81.3-rc1
stage-v1.82.1-rc1
stage-v1.83.0-rc1
stage-v1.84.0-rc1
stage-v1.84.1-rc1
stage-v1.85.0-rc1
stage-v1.86.0-rc1
stage-v1.86.1-rc1
stage-v1.86.2-rc1
stage-v1.87.0-rc1
stage-v1.87.1-rc1
stage-v1.87.1-rc3
stage-v1.87.2-rc1
stage-v1.87.2-rc2
stage-v1.88.0-rc1
stage-v1.88.1-rc1
stage-v1.88.2-rc1

staging-v0.*

staging-v0.0.1
staging-v0.0.2
staging-v0.0.3

staging-v1.*

staging-v1.23.0-master-test-1
staging-v1.23.0-master-test-2
staging-v1.23.0-ssm-fix
staging-v1.24.0-dataset-lang-switch

staging-v22.*

staging-v22.0-rc1

v1.*

v1.22.0
v1.23.0
v1.24.0
v1.24.1-ga-hotfix
v1.25.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-42808.json"

Git / github.com/mozilla/common-voice

Affected ranges

Type
GIT
Repo
https://github.com/mozilla/common-voice
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.88.2"
        }
    ]
}

Affected versions

Other

4db8fb386

dev-v1.*

dev-v1.23.0-test-master
dev-v1.23.0-test-master-1

release-1.*

release-1.31.2

release-v1.*

release-v1.25.1
release-v1.26.0
release-v1.27.0
release-v1.27.1
release-v1.27.2
release-v1.28.0
release-v1.28.1-redirect-hotfix
release-v1.29.0
release-v1.30.0
release-v1.30.1-fxvoice-link
release-v1.30.2-null-clip-locales
release-v1.31.0
release-v1.32.0
release-v1.33.0
release-v1.33.1-rw-sentences
release-v1.34.0
release-v1.34.1-ga-hash
release-v1.34.3-singleword-update
release-v1.35.0
release-v1.35.1-lg-contributable
release-v1.35.2-rc1-lg-pontoon
release-v1.35.3-locales-only
release-v1.36.0
release-v1.36.1-migration-typo
release-v1.36.2-trigger-remigrate
release-v1.36.3
release-v1.36.4-clips-stats-fix
release-v1.37.0
release-v1.38.0
release-v1.38.1
release-v1.38.2
release-v1.38.3-activity-fixing
release-v1.38.3-sentences
release-v1.38.4
release-v1.39.0
release-v1.39.1
release-v1.39.2
release-v1.39.3
release-v1.39.4
release-v1.39.4-rc1
release-v1.39.5
release-v1.40.0
release-v1.40.1
release-v1.41.0
release-v1.42.0
release-v1.43.0
release-v1.43.1
release-v1.43.2-ba
release-v1.44.0
release-v1.45.0
release-v1.46.0
release-v1.47.0
release-v1.47.1-cinchy-hotfix
release-v1.48.0
release-v1.48.1-ffmpeg-logging-tweak
release-v1.48.2-fs-claim
release-v1.49.0
release-v1.50.0
release-v1.51.0
release-v1.52.0
release-v1.52.1
release-v1.53.0
release-v1.54.0
release-v1.55.0
release-v1.55.1
release-v1.56.0
release-v1.56.1
release-v1.56.2
release-v1.57.0
release-v1.58.0
release-v1.58.1
release-v1.59.0
release-v1.60.0
release-v1.61.0
release-v1.61.1
release-v1.62.0
release-v1.63.0
release-v1.63.1
release-v1.64.0
release-v1.65.0
release-v1.65.1
release-v1.65.2
release-v1.66.0
release-v1.66.1
release-v1.66.2
release-v1.66.3
release-v1.67.2
release-v1.67.3
release-v1.67.4
release-v1.67.5
release-v1.68.0
release-v1.69.0
release-v1.69.1
release-v1.69.2
release-v1.69.3
release-v1.69.4
release-v1.69.5
release-v1.70.0
release-v1.71.0
release-v1.72.1
release-v1.73.1
release-v1.73.2
release-v1.73.3
release-v1.73.3-rc1
release-v1.73.4
release-v1.74.0
release-v1.74.1
release-v1.75.0
release-v1.75.1
release-v1.76.0
release-v1.76.1
release-v1.76.2
release-v1.77.0
release-v1.78.0
release-v1.79.0
release-v1.80.0
release-v1.81.0
release-v1.81.1
release-v1.81.2
release-v1.81.3
release-v1.82.1
release-v1.83.0
release-v1.84.0
release-v1.85.0
release-v1.86.0
release-v1.86.1
release-v1.86.2
release-v1.87.0
release-v1.87.1
release-v1.87.2
release-v1.88.0
release-v1.88.1
release-v1.88.2

sandbox-v0.*

sandbox-v0.0.1
sandbox-v0.0.2
sandbox-v0.0.3
sandbox-v0.0.4
sandbox-v0.0.5

sandbox-v1.*

sandbox-v1.25.0-test-maint-mode
sandbox-v1.68.2-rc1

stage-1.*

stage-1.65.3

stage-v1.*

stage-v1.23-k8s-stage
stage-v1.24.0-rc1
stage-v1.26.0-rc1
stage-v1.27.0-rc1
stage-v1.27.1-rc1
stage-v1.27.1-rc2-segments
stage-v1.28.0-rc1
stage-v1.28.0-rc2
stage-v1.28.0-rc3
stage-v1.29.0-rc1
stage-v1.29.0-rc2
stage-v1.30.0-rc1
stage-v1.30.0-rc2
stage-v1.31.0-rc1
stage-v1.31.0-rc2
stage-v1.32.0-rc1
stage-v1.33.0-rc1
stage-v1.33.0-rc2
stage-v1.33.0-rc3
stage-v1.34.0-rc1
stage-v1.34.1-rc1
stage-v1.34.3-rc1
stage-v1.35.0-rc0-rs-metadata-test
stage-v1.35.0-rc1
stage-v1.35.0-rc2-lg-contributable
stage-v1.35.2-rc1-lg-pontoon
stage-v1.36.0-rc0-metadata-prerelease
stage-v1.36.0-rc1
stage-v1.36.0-rc2
stage-v1.36.0-rc3
stage-v1.36.0-rc4
stage-v1.37.0-rc1
stage-v1.37.0-rc2
stage-v1.38.0-rc1
stage-v1.38.4-rc1
stage-v1.39.0-rc1
stage-v1.39.0-rc2
stage-v1.39.0-rc3
stage-v1.39.0-rc4
stage-v1.39.3-rc1
stage-v1.39.5-rc1
stage-v1.40.0-rc1
stage-v1.41.0-rc1
stage-v1.41.0-rc3
stage-v1.42.0-rc1
stage-v1.43.0-rc1
stage-v1.43.1-rc1
stage-v1.43.2-rc1
stage-v1.43.2-rc2
stage-v1.44.0-rc1
stage-v1.45.0-rc1
stage-v1.45.0-rc2
stage-v1.45.0-rc3
stage-v1.45.0-rc4
stage-v1.46.0-rc1
stage-v1.47.0-rc1
stage-v1.47.0-rc2
stage-v1.48.0-rc1
stage-v1.49.0-rc1
stage-v1.49.0-rc2
stage-v1.50.0-rc1
stage-v1.50.0-rc2
stage-v1.51.0-rc1
stage-v1.52.0-rc1
stage-v1.52.1-rc1
stage-v1.53.0-rc1
stage-v1.54.0-rc1
stage-v1.54.1-rc1
stage-v1.54.1-rc2
stage-v1.55.0-rc1
stage-v1.56.0-rc1
stage-v1.56.1-rc1
stage-v1.56.1-rc2
stage-v1.57.0-rc1
stage-v1.58.0-rc1
stage-v1.58.0-rc2
stage-v1.58.1-rc1
stage-v1.59.0-rc1
stage-v1.61.0-rc1
stage-v1.61.1-rc1
stage-v1.62.0-rc1
stage-v1.63.0-rc1
stage-v1.63.1-rc1
stage-v1.64.0-rc2
stage-v1.65.0-rc1
stage-v1.65.0-rc2
stage-v1.65.0-rc3
stage-v1.65.1-rc1
stage-v1.65.3
stage-v1.65.3-rc1
stage-v1.65.3-rc2
stage-v1.66.1-rc1
stage-v1.66.2-rc1
stage-v1.67.0-rc1
stage-v1.67.0-rc2
stage-v1.67.0-rc3
stage-v1.67.1-rc1
stage-v1.67.1-rc2
stage-v1.67.2-rc1
stage-v1.67.4-rc1
stage-v1.67.5-rc1
stage-v1.68.0-rc1
stage-v1.68.0-rc2
stage-v1.69-rc1
stage-v1.69.0-rc1
stage-v1.69.1-rc1
stage-v1.69.2-rc1
stage-v1.69.4-rc1
stage-v1.69.5-rc1
stage-v1.69.5-rc2
stage-v1.70.0-rc1
stage-v1.70.0-rc2
stage-v1.71.0-rc2
stage-v1.72.0-rc1
stage-v1.72.0-rc2
stage-v1.72.0-rc3
stage-v1.72.0-rc4
stage-v1.72.0-rc5
stage-v1.72.1-rc1
stage-v1.73.0
stage-v1.73.2
stage-v1.73.3-rc1
stage-v1.73.4-rc1
stage-v1.74.0-rc1
stage-v1.74.1-rc1
stage-v1.75.0-rc1
stage-v1.75.1-rc1
stage-v1.76.0-rc1
stage-v1.76.1-rc1
stage-v1.77.0-rc1
stage-v1.78.0
stage-v1.78.0-rc1
stage-v1.78.0-rc2
stage-v1.78.0-rc3
stage-v1.79.0-rc1
stage-v1.79.0-rc2
stage-v1.79.0-rc3
stage-v1.80.0-rc1
stage-v1.81.0-rc1
stage-v1.81.1-rc1
stage-v1.81.1-rc2
stage-v1.81.2-rc1
stage-v1.81.3-rc1
stage-v1.82.1-rc1
stage-v1.83.0-rc1
stage-v1.84.0-rc1
stage-v1.84.1-rc1
stage-v1.85.0-rc1
stage-v1.86.0-rc1
stage-v1.86.1-rc1
stage-v1.86.2-rc1
stage-v1.87.0-rc1
stage-v1.87.1-rc1
stage-v1.87.1-rc3
stage-v1.87.2-rc1
stage-v1.87.2-rc2
stage-v1.88.0-rc1
stage-v1.88.1-rc1
stage-v1.88.2-rc1

staging-v0.*

staging-v0.0.1
staging-v0.0.2
staging-v0.0.3

staging-v1.*

staging-v1.23.0-master-test-1
staging-v1.23.0-master-test-2
staging-v1.23.0-ssm-fix
staging-v1.24.0-dataset-lang-switch

staging-v22.*

staging-v22.0-rc1

v1.*

v1.22.0
v1.23.0
v1.24.0
v1.24.1-ga-hotfix
v1.25.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-42808.json"