Description
Versions of simditor prior to 2.3.22 are vulnerable to Cross-Site Scripting. The package does not sanitize user input that is rendered with innerHTML, allowing attackers to execute arbitrary JavaScript.
Recommendation
Update the simditor package to the latest compatible version. The version details are as follows:
- Affected version(s): < 2.3.22
- Patched version(s): 2.3.22
References
Related Issues
- Stored Cross-Site Scripting in simplehttpserver - CVE-2018-3716
- Bootstrap Cross-site Scripting vulnerability (GHSA-pj7m-g53m-7638) - CVE-2018-14041
- Cross-site Scripting (XSS) - Stored in crud-file-server - CVE-2018-3726
- Json2html vulnerable to cross-site scripting - CVE-2018-25053
Tags
- npm
- simditor
Last updated on January 09, 2023