Lexical · Lexical · CVE-2023-30792
**Name of the Vulnerable Software and Affected Versions**
Lexical versions prior to 0.10.0
**Description**
Anchor tags keep `href` attributes that contain `javascript:` URLs, so when input parsed from an untrusted source includes such a link, clicking it results in cross-site scripting.
**Recommendations**
For versions prior to 0.10.0, update to version 0.10.0 or later to resolve the issue. As a temporary workaround, consider restricting the parsing of input from untrusted sources to minimize the risk of exploitation.
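Where parsing untrusted input cannot be avoided, the `href` scheme can be checked before a link is rendered. The following is an added example, not Lexical's code or its 0.10.0 fix; the function names, the allowlist, the placeholder base URL and the node shape are assumptions made for illustration.

```javascript
// Added example (not Lexical's code): allowlist the URL scheme of a link
// before it is rendered as an href.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:", "mailto:", "tel:"]);
const BASE = "https://example.invalid/"; // placeholder base for relative URLs
const SAFE_FALLBACK = "about:blank";

// Returns href unchanged if its scheme is allowlisted, else SAFE_FALLBACK.
// The WHATWG URL parser lowercases the scheme and strips tabs, newlines and
// leading control characters, so "JaVa\tScript:" is still seen as javascript:.
// Pass the decoded attribute value, and assign the result through the DOM
// (element.href = ...), not by concatenating it into an HTML string.
function sanitizeHref(href) {
  if (typeof href !== "string") return SAFE_FALLBACK;
  let parsed;
  try {
    parsed = new URL(href, BASE);
  } catch {
    return SAFE_FALLBACK; // unparseable input is treated as unsafe
  }
  return ALLOWED_PROTOCOLS.has(parsed.protocol) ? href : SAFE_FALLBACK;
}

// Walks a parsed node tree and returns a copy with every link URL checked.
// The { type, url, children } shape is assumed for this example.
function sanitizeLinks(node) {
  const out = { ...node };
  if (node.type === "link") out.url = sanitizeHref(node.url);
  if (Array.isArray(node.children)) out.children = node.children.map(sanitizeLinks);
  return out;
}

// Constructed sample input, as it might arrive from an untrusted source.
const untrusted = {
  type: "paragraph",
  children: [
    { type: "link", url: "https://example.org/docs", children: [] },
    { type: "link", url: " JaVa\tScript:alert(1)", children: [] },
    { type: "link", url: "/relative/path", children: [] },
  ],
};

console.log(sanitizeLinks(untrusted).children.map((n) => n.url));
```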