4 matches found
CVE-2022-21802 Cross-site Scripting (XSS)
The package grapesjs before 0.19.5 are vulnerable to Cross-site Scripting XSS due to an improper sanitization of the class name in Selector Manager...
CVE-2022-21802
GrapesJS before 0.19.5 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization of the class name in the Selector Manager. Affected component is the GrapesJS web builder/framework; the root cause is inadequate sanitization when adding class names in ClassTagView.ts (Selector Manag...
CVE-2022-21802
The package grapesjs before 0.19.5 are vulnerable to Cross-site Scripting XSS due to an improper sanitization of the class name in Selector Manager...
@adabra/ui-libs-grapesjs-mjml (>=0.0.122 <=0.0.139), @ant-extensions/page-maker (>=0.0.1 <=0.0.5) +44 more potentially affected by CVE-2022-21802 via grapesjs (>=0.10.8 <=0.18.4)
grapesjs NPM version =0.10.8, =0.0.122, =0.0.1, =1.0.6, =0.0.12, =2.0.18, =0.8.1-esbuild, =0.0.1, =1.0.3, =0.10.4, =22.0.8, =0.10.4, =0.0.19, =0.1.5, =0.10.17, =1.0.8 and more Source cves: CVE-2022-21802 Source advisory: SNYK:JS-GRAPESJS-2935960...