GHSA-9hfw-cvf4-5x25

Опубликовано: 31 мая 2024

Источник: github

Github: Прошло ревью

Описание

wangEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function

There is a cross-site scripting (XSS) issue in wangEditor via the image upload function in version 4.7.11. This issue has been fixed in version 4.7.12.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2022-25037
https://github.com/wangeditor-team/wangEditor/issues/3870
https://github.com/wangeditor-team/wangEditor/issues/3872
https://github.com/wangeditor-team/wangEditor/commit/6257a2e166346913c34ac5cfb31b6a46e9544c5a
https://gist.github.com/Mdxjj/5cf0a31e8abf24ed688ceb5b3543516d

Пакеты

Наименование

@wangeditor/editor

npm

Затронутые версииВерсия исправления

<= 4.7.11

4.7.12

EPSS

Процентиль: 55%

0.00327

Низкий

CVE ID

CVE-2022-25037

Связанные уязвимости

CVE-2022-25037

CVSS3: 5.4

nvd

больше 1 года назад

An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function.

EPSS

Процентиль: 55%

0.00327

Низкий

CVE ID

CVE-2022-25037