writeups.xyz / CVE-2023-1767 - Stored XSS on Snyk Advisor service can allow full fabrication of npm packages health score

Submitter : c2a

Date: 10 April 2023

Bounty : undisclosed

Vulnerabilities :

• Stored XSS
• Markdown XSS
• Supply Chain Attack

Programs :

• Snyk

Authors :

• Gal Weizman (@WeizmanGal)

Link :
https://weizman.github.io/2023/04/10/snyk-xss/