CVE-2023-32325

MEDIUM

Posthog-js < 1.57.2 - XSS


Description

PostHog-js is a library to interface with the PostHog analytics tool. Versions prior to 1.57.2 have the potential for cross-site scripting. The problem has been patched in 1.57.2. Users are advised to upgrade. Users unable to upgrade should ensure that a Content Security Policy is in place.

Scores

CVSS v3 5.4
EPSS 0.0143
EPSS Percentile 80.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
npm/posthog-js 0 - 1.57.2 (npm)
posthog/posthog-js < 1.57.2
Published May 27, 2023
Tracked Since Feb 18, 2026