Описание
Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0.
Ссылки
- ExploitPatchThird Party Advisory
- ExploitPatchThird Party Advisory
- ExploitPatchThird Party Advisory
- ExploitPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.26.0 (исключая)
cpe:2.3:a:codex:editor.js:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 58%
0.00364
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-94
CWE-79
Связанные уязвимости
EPSS
Процентиль: 58%
0.00364
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-94
CWE-79