4 matches found
@bndynet/bbootstrap (>=1.0.2 <=2.2.1), @bndynet/jslib (>=1.0.52 <=2.0.0) +8 more potentially affected by CVE-2019-9737 via editor.md (=1.5.0)
editor.md NPM version =1.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on editor.md and may be impacted: - @bndynet/bbootstrap =1.0.2, =1.0.52, =2.3.6, =1.0.0, =0.2.0, =0.1.1, =0.1.0, =1.0.0, =1.0.3 Source cves: CVE-2019-9737 Source advisory:...
CVE-2019-9737
Editor.md 1.5.0 has DOM-based XSS via vectors involving the 'EMBED SRC="data:image/svg+xml' substring...
CVE-2019-9737
Editor.md 1.5.0 has DOM-based XSS via vectors involving the 'EMBED SRC="data:image/svg+xml' substring...
CVE-2019-9737
Summary: CVE-2019-9737 affects Editor.md 1.5.0 with a DOM-based XSS vulnerability triggered by vectors including the substring <EMBED SRC="data:image/svg+xml.** The root cause is persistent insufficient sanitization of user input that can introduce base64-encoded content, enabling script execu...