Margox Braft-Editor Cross-site Scripting Vulnerability

Severity:: Medium

Description

Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8, allows remote attackers to execute arbitrary code via the embed media feature.

Recommendation

No fix is available yet. Followings are affected versions:

<= 2.3.8

References

GHSA-jfrf-vv54-j2jg
CVE-2021-27524
CWE-79
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

Elliptic's verify function omits uniqueness validation - CVE-2024-48949
Nuxt DevTools vulnerable to cross-site scripting (XSS) - CVE-2025-52662
Strapi is vulnerable to Insufficient Session Expiration - CVE-2025-3930
Regular Expression Denial of Service (ReDoS) in lodash - CVE-2020-28500

Tags:: npm; braft-editor

Anything's wrong? Let us know Last updated on November 11, 2023