SummerNote Cross Site Scripting Vulnerability

Description

SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View Function.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 0.8.20

References

• GHSA-cc55-mvqc-g9mg
• grumpz.net
• CVE-2024-37629
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Summernote vulnerable to cross-site scripting - CVE-2024-29504
• Use of Insufficiently Random Values in undici - CVE-2025-22150
• Parse Server has an OAuth login vulnerability - CVE-2025-30168
• counterpart vulnerable to prototype pollution - CVE-2025-57354

Tags:

npm

summernote