Description
Cross-site Scripting in React Draft Wysiwyg
react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URI in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS.
Packages
Name: react-draft-wysiwyg (npm)
Affected versions: < 1.14.6
Fixed version: 1.14.6
Related vulnerabilities
CVSS3: 5.4
nvd
almost 5 years ago
react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URI in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS.