CVE-2023-3294: Cross-site Scripting (XSS) - DOM in saleor/react-storefront
7.6
CVSS
Description
Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7.
Classification
CVE ID: CVE-2023-3294
CVSS Base Severity: HIGH
CVSS Base Score: 7.6
Affected Products
Vendor: saleor
Product: saleor/react-storefront
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.07% (probability of being exploited)
EPSS Percentile: 33.86% (scored less or equal to compared to others)
EPSS Date: 2025-02-04 (when was this score calculated)
References
https://huntr.dev/bounties/9d308ebb-4289-411f-ac22-990383d98932https://github.com/saleor/react-storefront/commit/c29aab226f07ca980cc19787dcef101e11b83ef7