GHSA-g7mw-5cq6-fv82

Опубликовано: 02 сент. 2020

Источник: github

Github: Прошло ревью

Описание

Cross-Site Scripting in wangeditor

All versions of wangeditor are vulnerable to Cross-Site Scripting. The package fails to properly encode output, allowing arbitrary JavaScript to be inserted in links and executed by browsers.

Recommendation

No fix is currently available. Consider using an alternative module until a fix is made available.

Ссылки

https://github.com/wangfupeng1988/wangEditor/issues/1945
https://github.com/wangfupeng1988/wangEditor
https://snyk.io/vuln/SNYK-JS-WANGEDITOR-174536
https://www.npmjs.com/advisories/876

Пакеты

Наименование

wangeditor

npm

Затронутые версииВерсия исправления

Отсутствует

Дефекты

CWE-79

Дефекты

CWE-79