Cross site scripting in mobiledoc-kit

Description

Cross-site Scripting (XSS) - Reflected in GitHub repository bustle/mobiledoc-kit prior to 0.14.2.

Recommendation

Update the mobiledoc-kit package to the latest compatible version. Followings are version details:

• Affected version(s): < 0.14.2
• Patched version(s): 0.14.2

References

• GHSA-hw2p-xqhq-3mjf
• huntr.dev
• CVE-2022-2932
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• PrismJS DOM Clobbering vulnerability - CVE-2024-53382
• Server-Side Request Forgery in axios - CVE-2024-39338
• DOS by abusing `fetchOptions.retry`. - CVE-2023-49800
• Prototype Pollution in querystringify - Vulnerability

Tags:

npm

mobiledoc-kit