Описание
Duplicate Advisory: @excalidraw/excalidraw Cross-site Scripting vulnerability
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-v7v8-gjv7-ffmr. This link is maintained to preserve external references.
Original Description
Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerable to Cross-site Scripting (XSS) via embedded links in whiteboard objects due to improper input sanitization.
Пакеты
Наименование
@excalidraw/excalidraw
npm
Затронутые версииВерсия исправления
< 0.15.3
0.15.3
6.1 Medium
CVSS3
Дефекты
CWE-79
6.1 Medium
CVSS3
Дефекты
CWE-79