Lucene search

[email protected]NVD:CVE-2022-21802

HistoryJul 25, 2022 - 2:15 p.m.

CVE-2022-21802

2022-07-2514:15:10

CWE-79

[email protected]

web.nvd.nist.gov

grapesjs

0.19.5

xss

selector manager

vulnerability

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

43.4%

JSON

The package grapesjs before 0.19.5 are vulnerable to Cross-site Scripting (XSS) due to an improper sanitization of the class name in Selector Manager.

Affected configurations

Nvd

Node

grapesjsgrapesjsRange<0.19.5node.js

VendorProductVersionCPE
grapesjsgrapesjs*cpe:2.3:a:grapesjs:grapesjs:*:*:*:*:*:node.js:*:*

Vendor	Product	Version	CPE
grapesjs	grapesjs	*	cpe:2.3:a:grapesjs:grapesjs::::::node.js::*

References

github.com/artf/grapesjs/commit/13e85d152d486b968265c4b8017e8901e7d89ff3

github.com/artf/grapesjs/issues/4411%23issuecomment-1167202709

github.com/artf/grapesjs/releases/tag/v0.19.5

security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2936781

security.snyk.io/vuln/SNYK-JS-GRAPESJS-2935960

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

43.4%

JSON

Related for NVD:CVE-2022-21802

cve1 osv2 github1 veracode1 prion1 cvelist1