PT-2023-19794 · Misskey · Misskey

Ry0Tak · Published 2023-02-22 · Updated 2023-03-03 · CVE-2023-24810

CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Misskey versions prior to 13.3.1

Description: The issue arises from insufficient validation of the redirect URL during miauth authentication. Because the URL's scheme is not restricted, a redirect target can carry arbitrary JavaScript that executes in the user's browser when the user approves the link. This can be exploited when users authenticate untrusted apps.

Recommendations: For versions prior to 13.3.1, upgrade to version 13.3.1 to resolve the issue. As a temporary workaround for users unable to upgrade, do not allow authentication of untrusted apps.
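The defensive pattern the fix implies is scheme allow-listing of the app-supplied redirect URL: parse it as an absolute URL and accept only http(s) targets, rather than looking for known-bad prefixes in the raw string. The following is an added illustration, not Misskey's code and not the actual 13.3.1 patch; the function names (isSafeRedirectUrl, naiveDenyList, safeRedirectTarget) and the sample URLs are constructed for this example. It also shows why a string-based deny-list is weaker than parse-then-allow-list: the WHATWG URL parser lower-cases the scheme and strips leading whitespace, so variants a prefix check misses still resolve to a script scheme.

```javascript
// Added example (not Misskey's code): validating a third-party app's
// redirect/callback URL before sending the user there.

const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Allow-list approach: parse first, then compare the normalized scheme.
function isSafeRedirectUrl(candidate) {
  if (typeof candidate !== 'string' || candidate.length === 0) return false;

  let url;
  try {
    // No base URL is given, so relative and protocol-relative inputs
    // ("//host/path") throw and are rejected along with malformed input.
    url = new URL(candidate);
  } catch {
    return false;
  }

  // The parser has already lower-cased the scheme and trimmed whitespace,
  // so "JavaScript:" and "  javascript:" both arrive here as "javascript:".
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return false;

  // Require a real host and refuse embedded credentials (user:pass@host),
  // which are a common ingredient of confusing redirect targets.
  if (url.hostname === '') return false;
  if (url.username !== '' || url.password !== '') return false;

  return true;
}

// Deny-list approach shown only for contrast: a raw-string prefix check
// that misses case and whitespace variants of the same scheme.
function naiveDenyList(candidate) {
  return !candidate.startsWith('javascript:');
}

// Helper a server might use: fall back to a known-safe location when the
// supplied redirect does not pass validation.
function safeRedirectTarget(candidate, fallback) {
  return isSafeRedirectUrl(candidate) ? candidate : fallback;
}

// Constructed sample inputs for a quick self-check when run directly.
const samples = [
  'https://app.example/callback?session=abc',
  'http://app.example/callback',
  'javascript:void(0)',
  'JavaScript:void(0)',
  '  javascript:void(0)',
  'data:text/html,hello',
  '//evil.example/callback',
  'https://user:pw@app.example/callback',
];
for (const s of samples) {
  console.log(JSON.stringify(s), 'allow-list:', isSafeRedirectUrl(s), 'deny-list:', naiveDenyList(s));
}
```

Note that this check only answers "is the scheme one we will navigate to"; an open-redirect policy (restricting the host to the callback URL the app registered) is a separate decision layered on top of it.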

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-24810
GHSA-CC6R-CHGR-8R5M

Affected Products

Misskey