Description
Cross-Site Scripting in mavon-editor
All versions of mavon-editor are vulnerable to Cross-Site Scripting. The package fails to sanitize entered input, allowing attackers to execute arbitrary JavaScript in a victim's browser.
Recommendation
No fix is currently available. Consider using an alternative package until a fix is made available.
References
- https://github.com/hinesboy/mavonEditor/issues/472
- https://github.com/hinesboy/mavonEditor/pull/548
- https://github.com/hinesboy/mavonEditor/commit/5592ec3761bd3b5a12ba6f99ce3c4057c6e33f72
- https://snyk.io/vuln/SNYK-JS-MAVONEDITOR-459108
- https://www.npmjs.com/advisories/1169
- https://www.npmjs.com/package/mavon-editor
Packages
Name: mavon-editor (npm)
Affected versions: < 2.8.2
Fixed version: 2.8.2
CVSS3: 6.5 Medium
Weaknesses: CWE-79