Cross-site Scripting in vditor

Description

Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13.

Recommendation

Update the vditor package to the latest compatible version. Followings are version details:

• Affected version(s): < 3.8.13
• Patched version(s): 3.8.13

References

• GHSA-689x-x68p-fph3
• huntr.dev
• CVE-2022-0350
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Cross-site Scripting in vditor (GHSA-pq37-4c4g-v38c) - CVE-2022-0341
• Cross-site Scripting in karma - CVE-2022-0437
• Cross-site Scripting in fullpage.js - CVE-2022-1330
• Cross-site Scripting in Prism - CVE-2022-23647

Tags:

npm

vditor