2 matches found
CVE-2024-34449
Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true...
CVE-2024-34449
CVE-2024-34449 affects Vditor 3.10.3, with XSS via an attribute of an A element. The underlying issue is insufficient sanitization; vendor guidance is to mitigate by enabling sanitize=true. CVSS 3.1 base score 6.1 (network attack vector, low complexity, no privileges required, user interaction required, scope cha...