PT-2023-23731 · Unknown · Posthog-Js

Published

2023-05-22

·

Updated

2023-06-03

·

CVE-2023-32325

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

PostHog-js versions prior to 1.57.2

Description

A potential cross-site scripting (XSS) vulnerability exists in the PostHog-js browser library in versions before 1.57.2. Upgrading to version 1.57.2 resolves the issue. Users who cannot upgrade can reduce the risk by deploying a Content Security Policy that restricts which scripts the page is allowed to execute.

Recommendations

Upgrade any installation of PostHog-js older than 1.57.2 to version 1.57.2 or later. As a temporary workaround where upgrading is not possible, ensure a Content Security Policy is in place for the affected pages. Sites that load PostHog through the HTML tracking snippet on PostHog Cloud always receive the latest version of the library and need no action to pick up the fix.
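The following helpers illustrate how to triage the two recommendations above on a site: deciding whether an installed posthog-js version falls in the affected range, and checking whether a Content-Security-Policy header is strict enough to blunt script injection while the upgrade is pending. This is an added example, not code from PostHog or from the advisory. It assumes package versions are plain semver strings ("MAJOR.MINOR.PATCH" with an optional pre-release suffix), and the PostHog host in the sample policy (https://app.posthog.com) and the header values are constructed for the demonstration.

```javascript
// Added example (not PostHog's code): triage helpers for CVE-2023-32325.
// Assumption: versions are plain semver strings; sample CSP headers below are constructed.

const FIXED_VERSION = '1.57.2';

// Parse "1.57.1" or "1.57.2-beta.1" into comparable parts.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(String(v).trim());
  if (!m) throw new Error(`not a semver string: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] ? m[4].split('.') : null };
}

// Negative if a < b, 0 if equal, positive if a > b.
// A pre-release sorts before its release, so 1.57.2-beta.1 is still older than 1.57.2.
function compareSemver(a, b) {
  const x = parseSemver(a), y = parseSemver(b);
  for (const k of ['major', 'minor', 'patch']) {
    if (x[k] !== y[k]) return x[k] - y[k];
  }
  if (!x.pre && !y.pre) return 0;
  if (!x.pre) return 1;
  if (!y.pre) return -1;
  const n = Math.max(x.pre.length, y.pre.length);
  for (let i = 0; i < n; i++) {
    if (x.pre[i] === undefined) return -1;
    if (y.pre[i] === undefined) return 1;
    const nx = /^\d+$/.test(x.pre[i]), ny = /^\d+$/.test(y.pre[i]);
    if (nx && ny) { if (+x.pre[i] !== +y.pre[i]) return +x.pre[i] - +y.pre[i]; }
    else if (nx) return -1; // numeric identifiers sort before alphanumeric ones
    else if (ny) return 1;
    else if (x.pre[i] !== y.pre[i]) return x.pre[i] < y.pre[i] ? -1 : 1;
  }
  return 0;
}

// True when the installed posthog-js is in the affected range (anything below 1.57.2).
function isAffected(installedVersion) {
  return compareSemver(installedVersion, FIXED_VERSION) < 0;
}

// Split a Content-Security-Policy header value into a directive -> source-list map.
// Per the CSP spec, only the first occurrence of a directive counts.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...values] = tokens;
    const key = name.toLowerCase();
    if (!directives.has(key)) directives.set(key, values);
  }
  return directives;
}

// Findings that would let an XSS in a bundled third-party script run freely:
// no script restriction at all, 'unsafe-inline' without a nonce/hash, 'unsafe-eval',
// or an over-broad source such as '*', 'data:' or a bare scheme. Empty list = passes.
function cspScriptFindings(header) {
  const d = parseCsp(header);
  const src = d.get('script-src') ?? d.get('default-src');
  const findings = [];
  if (!src) {
    findings.push('no script-src or default-src: scripts are unrestricted');
    return findings;
  }
  const hasNonceOrHash = src.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  if (src.includes("'unsafe-inline'") && !hasNonceOrHash) {
    findings.push("'unsafe-inline' allows injected inline scripts");
  }
  if (src.includes("'unsafe-eval'")) findings.push("'unsafe-eval' allows string-to-code execution");
  for (const s of src) {
    if (s === '*' || s === 'data:' || /^https?:$/.test(s) || /^https?:\/\/\*$/.test(s)) {
      findings.push(`over-broad script source ${s}`);
    }
  }
  return findings;
}

// Constructed sample inputs for a stand-alone run.
const sampleVersions = ['1.57.1', '1.57.2-beta.1', '1.57.2', '1.58.0'];
for (const v of sampleVersions) {
  console.log(`posthog-js ${v}: ${isAffected(v) ? 'AFFECTED, upgrade' : 'not affected'}`);
}
const weakCsp = "script-src 'self' 'unsafe-inline' *";
const strictCsp = "default-src 'self'; script-src 'self' https://app.posthog.com";
console.log('weak policy findings:', cspScriptFindings(weakCsp));
console.log('strict policy findings:', cspScriptFindings(strictCsp));
```

The CSP check is deliberately conservative: it flags 'unsafe-inline' only when no nonce or hash is present (browsers ignore 'unsafe-inline' once a nonce or hash appears) and it treats a missing script-src as unrestricted even if other directives exist, which matches how browsers fall back to default-src.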

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-32325
GHSA-8775-5HWV-WR6V

Affected Products

Posthog-Js