Description
Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbtirary code via a crafted payload to the codeview parameter.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 0.8.18
References
Related Issues
- nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR - CVE-2024-34343
- vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS) - CVE-2024-6783
- SummerNote Cross Site Scripting Vulnerability - CVE-2024-37629
- Json2html vulnerable to cross-site scripting - CVE-2018-25053
You might also like:
- Tags:
- npm
- summernote
Anything's wrong? Let us know Last updated on April 12, 2024