Summernote vulnerable to cross-site scripting

Description

Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbtirary code via a crafted payload to the codeview parameter.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 0.8.18

References

• GHSA-4wh3-3wf2-39m9
• CVE-2024-29504
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS) - CVE-2024-6783
• SummerNote Cross Site Scripting Vulnerability - CVE-2024-37629
• nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR - CVE-2024-34343
• Materialize-css vulnerable to Cross-site Scripting in autocomplete component - materialize-css - CVE-2019-11003

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

summernote