Description
Versions of simditor prior to 2.3.22 are vulnerable to Cross-Site Scripting. The package does not sanitize user input that is rendered with innerHTML, allowing attackers to execute arbitrary JavaScript.
Recommendation
Update the simditor package to the latest compatible version. Version details:
- Affected version(s): < 2.3.22
- Patched version(s): 2.3.22
Tags: npm, simditor
Last updated on January 09, 2023