Cross-Site Scripting in simditor

Severity:: Medium

Description

Versions of simditor prior to 2.3.22 are vulnerable to Cross-Site Scripting. The package does not sanitize user input that is rendered with innerHTML, allowing attackers to execute arbitrary JavaScript.

Recommendation

Update the simditor package to the latest compatible version. Followings are version details:

Affected version(s): < 2.3.22
Patched version(s): 2.3.22

References

GHSA-8v67-x8q5-3x3g
snyk.io
www.npmjs.com
CVE-2018-19048
CWE-79
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

Cross-Site Scripting in exceljs - CVE-2018-16459
Joplin Vulnerable to Cross-site Scripting in Note Content - CVE-2018-1000534
Bootstrap Cross-site Scripting vulnerability - bootstrap - GHSA-7mvr-5x2g-wfc8 - CVE-2018-14042
Cross-Site Scripting in connect - CVE-2018-3717

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; simditor

Anything's wrong? Let us know Last updated on January 09, 2023