Cross-site Scripting in React Draft Wysiwyg

🗓️ 06 May 2021 15:35:52Reported by GitHub Advisory DatabaseType

React Draft Wysiwyg allows javascript: URI in Link Target, leading to XSS

Reporter	Title	Published	Views	Family All 8
OSV	Cross-site Scripting in React Draft Wysiwyg	6 May 202115:52	–	osv
OSV	CVE-2021-31712	24 Apr 202121:15	–	osv
Node.js	Cross-Site Scripting	6 May 202115:53	–	nodejs
Veracode	Cross-Site Scripting (XSS)	8 May 202109:15	–	veracode
Prion	Cross site scripting	24 Apr 202121:15	–	prion
Cvelist	CVE-2021-31712	24 Apr 202120:56	–	cvelist
NVD	CVE-2021-31712	24 Apr 202121:15	–	nvd
CVE	CVE-2021-31712	24 Apr 202121:15	–	cve

Vulners

Node

react\-draft\-wysiwygRange<1.14.6

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-31712
github	www.github.com/jpuri/react-draft-wysiwyg/issues/1102
github	www.github.com/jpuri/react-draft-wysiwyg/pull/1104
github	www.github.com/jpuri/react-draft-wysiwyg/commit/d2faeb612b53f10dff048de7dc57e1f4044b5380
github	www.github.com/advisories/GHSA-qcg2-h349-vwm3

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

06 May 2021 15:52Current

5.5Medium risk

Vulners AI Score5.5

CVSS23.5

CVSS35.4

EPSS0.00061

CWE-79