2 matches found
@aikiwangdake/nsg-editor-library (>=2.0.0 <=2.0.4), @becomes/cms-ui (>=2.0.0 <=2.0.51) +294 more potentially affected by CVE-2018-19057 via simplemde (=1.11.2)
simplemde NPM version =1.11.2 is affected by a known vulnerability. The following packages have a transitive dependency on simplemde and may be impacted: - @aikiwangdake/nsg-editor-library =2.0.0, =2.0.0, =0.1.0, =0.1.27, =0.2.6, =1.0.0, =1.10.0, =1.0.5, =1.0.26, =1.4.0, =1.4.4 and more Source...
CVE-2018-19057
CVE-2018-19057 affects SimpleMDE 1.11.2. The vulnerability is a cross-site scripting (XSS) issue triggered by an onerror attribute on a crafted IMG element, or by certain input containing [ and ( characters, which is mishandled during the construction of an A element. The issue is described acros...