Description
Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbtirary code via a crafted payload to the codeview parameter.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 0.8.18
References
Related Issues
- SummerNote Cross Site Scripting Vulnerability - CVE-2024-37629
- Use of Insufficiently Random Values in undici - CVE-2025-22150
- Parse Server has an OAuth login vulnerability - CVE-2025-30168
- counterpart vulnerable to prototype pollution - CVE-2025-57354
- Tags:
- npm
- summernote
Anything's wrong? Let us know Last updated on April 12, 2024