EPSS Percentile: 32.5%
posthog-js is vulnerable to Cross-site Scripting (XSS). The library does not properly sanitize the apiURL attribute in toolbar.ts, which allows an attacker to inject and execute malicious JavaScript.
github.com/advisories/GHSA-8775-5hwv-wr6v
github.com/PostHog/posthog-js/commit/67e07eb8bb271a3a6f4aa251382e4d25abb385a0
github.com/PostHog/posthog-js/pull/630
github.com/PostHog/posthog-js/security/advisories/GHSA-8775-5hwv-wr6v