Vulnerabilities/

Cross-site scripting (XSS) in the clipboard package

Severity:: Medium

Description

During a recent internal audit, we identified a Cross-Site Scripting (XSS) vulnerability in the CKEditor 5 clipboard package.

Recommendation

Update the @ckeditor/ckeditor5-clipboard package to the latest compatible version. Followings are version details:

Affected version(s): >= 40.0.0, < 43.1.1
Patched version(s): 43.1.1

References

Related Issues

Tags:: npm; @ckeditor/ckeditor5-clipboard

Anything's wrong? Let us know Last updated on October 15, 2024