5 matches found
CVE-2019-14517
pandao Editor.md 1.5.0 allows XSS via the Javascript: string...
@bndynet/bbootstrap (>=1.0.2 <=2.2.1), @bndynet/jslib (>=1.0.52 <=2.0.0) +8 more potentially affected by CVE-2019-14517 via editor.md (=1.5.0)
editor.md NPM version =1.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on editor.md and may be impacted: - @bndynet/bbootstrap =1.0.2, =1.0.52, =2.3.6, =1.0.0, =0.2.0, =0.1.1, =0.1.0, =1.0.0, =1.0.3 Source cves: CVE-2019-14517 Source advisory:...
CVE-2019-14517
pandao Editor.md 1.5.0 allows XSS via the Javasript: string...
CVE-2019-14517
pandao Editor.md 1.5.0 allows XSS via the Javasript: string...
CVE-2019-14517
Summary : CVE-2019-14517 affects pandao Editor.md 1.5.0, where XSS is possible via the Javascript: string due to insufficient sanitization of user input. Multiple sources (Red Hat, GHSA, NVD, CNVD, OSV, Veracode) report the same issue. Impact : cross-site scripting with potential client-side code...