CVE-2019-20903

Опубликовано: 01 окт. 2020

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets.

Ссылки

https://atlaskit.atlassian.com/packages/editor/editor-core/changelog/113.1.5
Release Notes
Vendor Advisory
https://confluence.atlassian.com/pages/viewpage.action?pageId=1021244735
Vendor Advisory
https://www.npmjs.com/package/%40atlaskit/editor-core
https://atlaskit.atlassian.com/packages/editor/editor-core/changelog/113.1.5
Release Notes
Vendor Advisory
https://confluence.atlassian.com/pages/viewpage.action?pageId=1021244735
Vendor Advisory
https://www.npmjs.com/package/%40atlaskit/editor-core

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:atlassian:editor-core:*:*:*:*:*:node.js:*:*

Версия до 113.1.5 (исключая)

EPSS

Процентиль: 61%

0.0041

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-p5ch-w78f-xh44