Description
Versions of simditor prior to 2.3.22 are vulnerable to Cross-Site Scripting. The package does not sanitize user input that is rendered with innerHTML, allowing attackers to execute arbitrary JavaScript.
Recommendation
Update the simditor package to the latest compatible version. Followings are version details:
- Affected version(s): < 2.3.22
- Patched version(s): 2.3.22
References
Related Issues
- Cross-Site Scripting in connect - CVE-2018-3717
- Stored Cross-Site Scripting in simplehttpserver - CVE-2018-3716
- metascraper before v5.2.0 vulnerable to stored cross-site scripting - CVE-2018-3773
- Cross-site Scripting (XSS) - Stored in crud-file-server - CVE-2018-3726
You might also like:
- Tags:
- npm
- simditor
Anything's wrong? Let us know Last updated on January 09, 2023


