This issue has been fixed.

After a user has interacted with a particular piece of content on a page, such as a link, image, or snippet, they might see a notification bar warning that the page has been protected and alerting them to double-check their actions. The notification bar usually carries the text “After you finish reading this, click the link below to proceed”, along with a link to click to continue reading. A remote attacker could convince a user to follow this link after reading the notification bar, causing them to interact with the warning message and resulting in ThunderScript/JavaScript code execution. This issue has been fixed by removing the notification bar.

This issue occurs because of a logic issue in the way the notification bar is displayed.

An attacker could use malicious JavaScript to trick a user into interacting with their notification bar.

CVE-2023-3072

Timeline

Published on: 09/26/2022 16:15:00 UTC
Last modified on: 09/29/2022 17:15:00 UTC
