Cross-site Scripting (XSS)

grapesjs is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the class name in ClassTagView.ts when it adds to the selector manager, allowing an attacker to inject and execute malicious javascript...

Cross-site Scripting (XSS)

oro/commerce is vulnerable to cross-site scripting. The vulnerability exists through the grapesjs dependency used in the library as it does not properly validate the class name in ClassTagView.ts when it adds to the selector manager, allowing an attacker to inject and execute malicious javascript...