3 matches found
Cross-Site Scripting in @toast-ui/editor
Versions of @toast-ui/editor prior to 2.2.0 are vulnerable to Cross-Site Scripting XSS. There are multiple bypasses to the package's built-in XSS sanitization. This may allow attackers to execute arbitrary JavaScript on a victim's browser. Recommendation Upgrade to version 2.2.0 or later...
GHSA-CR56-66MX-293V Cross-Site Scripting in @toast-ui/editor
Versions of @toast-ui/editor prior to 2.2.0 are vulnerable to Cross-Site Scripting XSS. There are multiple bypasses to the package's built-in XSS sanitization. This may allow attackers to execute arbitrary JavaScript on a victim's browser. Recommendation Upgrade to version 2.2.0 or later...
Cross-site Scripting (XSS)
Overview @toast-ui/editor is a GFM Markdown Wysiwyg Editor. Affected versions of this package are vulnerable to Cross-site Scripting XSS. JavaScript inserted into the editor is not sanitized by the library. PoC " src=x onerror="alert1" alert1" alert1" alert1" Details Cross-site scripting or XSS i...