PT-2023-20325 · Strikingly · Strikingly Cms

Rémy Marot

·

Published

2023-05-08

·

Updated

2025-01-28

·

CVE-2023-2582

CVSS v3.1

6.1

Medium

Vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Strikingly CMS (affected versions not specified)
Description A prototype pollution issue exists in Strikingly CMS, potentially leading to reflected cross-site scripting (XSS) in affected applications and sites. This occurs because the Strikingly JavaScript library's parsing of the URL fragment allows key names such as __proto__ or constructor to be used as property paths, so attacker-supplied values are written onto Object.prototype. An attacker could exploit this by convincing a victim to visit a specially crafted link, then leveraging an embedded gadget such as jQuery (which reads properties it did not set and passes them to an HTML sink) to achieve arbitrary JavaScript execution in the context of the user's browser.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.
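The following is an added illustration of the mechanism described above, not code from Strikingly or from this advisory. It uses a hypothetical fragment parser (parseFragmentUnsafe) that walks dotted key names into nested objects, the kind of parser in which this bug class occurs, beside a hardened version (parseFragmentSafe), and a hypothetical renderWidget function standing in for a library gadget like jQuery. The payload is constructed for the example; the actual Strikingly parameter names are not stated on this page.

```javascript
// Added example: not Strikingly's code. Shows how a fragment parser that
// accepts "__proto__" / "constructor" as path segments pollutes
// Object.prototype, and how a gadget turns that into XSS.

// Vulnerable: every path segment is used as a property name, so
// "__proto__.x" or "constructor.prototype.x" lands on Object.prototype.
function parseFragmentUnsafe(fragment) {
  const result = {};
  for (const pair of fragment.replace(/^#/, '').split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const rawKey = eq === -1 ? pair : pair.slice(0, eq);
    const rawValue = eq === -1 ? '' : pair.slice(eq + 1);
    const path = decodeURIComponent(rawKey).split('.');
    let node = result;
    for (let i = 0; i < path.length - 1; i++) {
      const key = path[i];
      if (node[key] === undefined || node[key] === null) node[key] = {};
      node = node[key]; // happily walks into inherited props such as __proto__
    }
    node[path[path.length - 1]] = decodeURIComponent(rawValue);
  }
  return result;
}

// Hardened: drop any key containing a dangerous segment, build on a
// prototype-less object, and only descend into own properties.
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);

function parseFragmentSafe(fragment) {
  const result = Object.create(null);
  for (const pair of fragment.replace(/^#/, '').split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const rawKey = eq === -1 ? pair : pair.slice(0, eq);
    const rawValue = eq === -1 ? '' : pair.slice(eq + 1);
    const path = decodeURIComponent(rawKey).split('.');
    if (path.some((k) => FORBIDDEN.has(k))) continue; // reject the whole key
    let node = result;
    for (let i = 0; i < path.length - 1; i++) {
      const key = path[i];
      if (!Object.prototype.hasOwnProperty.call(node, key) ||
          typeof node[key] !== 'object' || node[key] === null) {
        node[key] = Object.create(null);
      }
      node = node[key];
    }
    node[path[path.length - 1]] = decodeURIComponent(rawValue);
  }
  return result;
}

// Hypothetical gadget standing in for a library such as jQuery: it reads an
// option the caller never set, so a polluted inherited value is used and
// (in a real page) would end up in innerHTML.
function renderWidget(options) {
  return options.template || '<p>hello</p>';
}

// Inherited value of a name on a fresh object; undefined unless polluted.
function inheritedValue(name) {
  return ({})[name];
}

// Runs the constructed payload against both parsers and cleans up so the
// pollution does not leak into later code.
function demonstrate() {
  const payload = '#__proto__.template=' +
    encodeURIComponent('<img src=x onerror=alert(1)>');
  const before = renderWidget({});
  parseFragmentUnsafe(payload);
  const afterUnsafe = renderWidget({}); // attacker markup from Object.prototype
  delete Object.prototype.template;     // undo the pollution
  parseFragmentSafe(payload);
  const afterSafe = renderWidget({});   // default again: key was rejected
  return { before, afterUnsafe, afterSafe };
}

console.log(demonstrate());
```

The hardened parser rejects the whole key rather than just skipping the offending segment, because "a.__proto__.b" would otherwise still reach Object.prototype through the nested object; the own-property check additionally stops traversal through inherited properties reachable by any other name.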

Exploit

Prototype Pollution

Weakness Enumeration

Related Identifiers

CVE-2023-2582

Affected Products

Strikingly Cms