4 matches found
CVE-2020-27666
Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature...
@koj/strapi (>=0.0.0 <=1.4.0), strapi-editorjs (=0.0.1) +1 more potentially affected by CVE-2020-27666 via strapi-plugin-content-manager (>=3.0.0-beta.18.7 <=3.1.6)
strapi-plugin-content-manager NPM version =3.0.0-beta.18.7, =0.0.0, =0.0.1-alpha.1, =0.0.1-alpha.2 Source cves: CVE-2020-27666 Source advisory: OSV:GHSA-QVP5-MM7V-4F36...
CVE-2020-27666
Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature...
CVE-2020-27666
Strapi before 3.2.5 is affected by a stored XSS in the WYSIWYG editor’s preview feature. The vulnerability arises from unvalidated input being stored and subsequently rendered, enabling an attacker to inject scripts that run in a victim’s browser. A fix is available in Strapi 3.2.5 (see reference...