Description
Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbtirary code via a crafted payload to the codeview parameter.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 0.8.18
References
Related Issues
- nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR - CVE-2024-34343
- SummerNote Cross Site Scripting Vulnerability - CVE-2024-37629
- vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS) - CVE-2024-6783
- vue-i18n has cross-site scripting vulnerability with prototype pollution (GHSA-9r9m-ffp6-9x4v) - CVE-2024-52809
- Tags:
- npm
- summernote
Anything's wrong? Let us know Last updated on April 12, 2024