Headline
CVE-2023-48094: CesiumJS v1.111 DOM based XSS
A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim’s browser by sending a crafted payload to /container_files/public_html/doc/index.html.
CesiumJS v1.111 DOM based XSS
- CVE ID
not yet assigned
- Name of affected product and versions
https://github.com/CesiumGS/cesium
version <= 1.111
- Problem type
An attacker can execute arbitrary JavaScript code in the victim’s browser by sending a specially crafted URL that exploits a DOM-based XSS in container_files/public_html/doc/index.html.
- Description
There is a DOM-based XSS vulnerability in Apps/Sandcastle/standalone.html caused by creating a script tag from unsanitized location.hash.
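The advisory does not show how standalone.html consumes the hash, so the following is an added example of a safer general pattern for this bug class, not CesiumJS code or its fix. It treats location.hash as an untrusted identifier, checks it against an allowlist, and only ever sets a script's `src`. The demo names, base URL and function names are hypothetical.

```javascript
// Added example: hypothetical names, constructed allowlist and base URL.
const ALLOWED_DEMOS = new Set(["hello-world", "terrain", "3d-tiles"]);
const DEMO_BASE = "https://example.invalid/demos/";

// Turn an untrusted location.hash into a known demo id, or null.
function demoIdFromHash(hash) {
  if (typeof hash !== "string" || !hash.startsWith("#")) return null;
  let raw;
  try {
    raw = decodeURIComponent(hash.slice(1));
  } catch {
    return null; // malformed percent-encoding
  }
  // Strict shape check first, then allowlist membership.
  if (!/^[a-z0-9-]{1,64}$/.test(raw)) return null;
  return ALLOWED_DEMOS.has(raw) ? raw : null;
}

// Build the script URL from the validated id only.
function scriptUrlFor(hash, base = DEMO_BASE) {
  const id = demoIdFromHash(hash);
  if (id === null) return null;
  const baseUrl = new URL(base);
  const url = new URL(id + ".js", baseUrl);
  // Defence in depth: the resolved URL must stay under the base.
  if (url.origin !== baseUrl.origin) return null;
  if (!url.pathname.startsWith(baseUrl.pathname)) return null;
  return url.href;
}

// Browser-side use: hash data never reaches script text or innerHTML.
function loadDemo(doc, hash) {
  const src = scriptUrlFor(hash);
  if (src === null) return false;
  const el = doc.createElement("script");
  el.src = src;
  doc.head.appendChild(el);
  return true;
}
```

In a page this would be called as `loadDemo(document, window.location.hash)`; a Content-Security-Policy that disallows inline scripts complements the check.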