Description
Cross-Site Scripting in diagram-js-direct-editing
Versions of diagram-js-direct-editing prior to 1.4.3 are vulnerable to Cross-Site Scripting. The package fails to sanitize input from the clipboard, allowing attackers to execute arbitrary JavaScript in the victim's browser.
Recommendation
Upgrade to version 1.4.3 or later.
Packages
Name: diagram-js-direct-editing (npm)
Affected versions: < 1.4.3
Fixed version: 1.4.3
Weaknesses
CWE-79