Lucene search

K
osvGoogleOSV:GHSA-QCG2-H349-VWM3
HistoryMay 06, 2021 - 3:52 p.m.

Cross-site Scripting in React Draft Wysiwyg

2021-05-0615:52:35
Google
osv.dev
35

0.001 Low

EPSS

Percentile

26.4%

react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS.

CPENameOperatorVersion
react-draft-wysiwyglt1.14.6

0.001 Low

EPSS

Percentile

26.4%

Related for OSV:GHSA-QCG2-H349-VWM3