Impact
Potential for cross-site scripting in posthog-js
.
Patches
The problem has been patched in posthog-js
version 1.57.2.
Workarounds
- This isn't an issue for sites that have a Content Security Policy in place.
- Using the HTML tracking snippet on PostHog Cloud always guarantees the latest version of the library – in that case no action is required to upgrade to the patched version.
References
We will publish details of the vulnerability in 30 days as per our security policy.
Impact
Potential for cross-site scripting in
posthog-js
.Patches
The problem has been patched in
posthog-js
version 1.57.2.Workarounds
References
We will publish details of the vulnerability in 30 days as per our security policy.